Azure subscription blocked due to abuse - suspected API key exposure and unknown resource deployment

Question

Azure subscription blocked due to abuse - suspected API key exposure and unknown resource deployment

limce106 0

화면 캡처 2025-06-03 214014

User's image

I received an e-mail from Microsoft saying that Azure Resource Operations have been blocked due to abuse with my Azure Subscription. As I have checked, this issue has happened in the past when GitHub has accidentally released files containing Azure subscription keys for a while, which strongly suspects that my Azure subscription key has been exposed. I haven't recently created or actively used any new resources with that Azure subscription. However, when I clicked View Resources in the Subscription Overview, I noticed that along with the many Virtual Machine Scale Sets (VMSS) resources that I didn't create, there are vast numbers of Virtual Networks deployed and in use across different global regions (e.g., Central Mexico, Eastern Japan, Northern Europe, etc.). (Attach both screenshots.) You do not currently need to use the key of this subscription itself, and you can also remove it if necessary. However, there needs to be a fundamental solution to my Azure subscription key being exposed and exploited without permission, which can lead to large amounts of unauthorized distribution of resources and problems with using Microsoft Azure services in the future. Therefore, we request the following: Unblocked support applied to the current subscription. Detailed security analysis and identification of what activities happened through exposed keys and how these large-scale VMSS and Virtual Network resources were deployed. Guidance and support for actions to be taken to prevent similar security incidents from happening again in the future.

Pranay Reddy Madireddy 6,180 Reputation points Microsoft External Staff Moderator

2025-06-05T16:27:18.6366667+00:00

Hi limce106,
Just want to check if the below information provided is helpful for you. Let me know if you need further clarification or assistance. Feel free to reach out if you have any further questions or need additional information. I’m happy to assist.

Please provide your valuable comments.

please click "Upvote" if this information helps!!
limce106 0 Reputation points

2025-06-06T10:34:37.3733333+00:00

Thank you for your assistance Mohan Krishna T Sreeramulu. I went to the Azure portal and submitted a support request. However, when I tried to select "Technical" as the issue type, I was informed that it requires a paid support plan. Since I am using a free subscription, I submitted the request under "Manage Subscriptions" instead.

After submitting the request, I received a support extension warning notification, but I also received an email confirming that the request was submitted successfully.

1 answer

Your answer

Pranay Reddy Madireddy 6,180 Reputation points Microsoft External Staff Moderator

2025-06-05T16:27:18.6366667+00:00

Hi limce106,
Just want to check if the below information provided is helpful for you. Let me know if you need further clarification or assistance. Feel free to reach out if you have any further questions or need additional information. I’m happy to assist.

Please provide your valuable comments.

please click "Upvote" if this information helps!!
limce106 0 Reputation points

2025-06-06T10:34:37.3733333+00:00

Thank you for your assistance Mohan Krishna T Sreeramulu. I went to the Azure portal and submitted a support request. However, when I tried to select "Technical" as the issue type, I was informed that it requires a paid support plan. Since I am using a free subscription, I submitted the request under "Manage Subscriptions" instead.

After submitting the request, I received a support extension warning notification, but I also received an email confirming that the request was submitted successfully.

Answer 1

Hi limce106,

You received an email from Microsoft saying your Azure subscription has been blocked due to abuse. Upon checking, you found unfamiliar and suspicious resources such as Virtual Machine Scale Sets and Virtual Networks deployed across multiple global regions that you didn’t create. You also mentioned this might be due to an exposed Azure subscription key, possibly through a public GitHub repository (which is a common source of accidental secrets leakage).

This scenario strongly suggests that your subscription has been compromised, and malicious activity occurred dure to it to spin up resources, possibly for unauthorized purposes.

Since your subscription is already blocked, Microsoft has taken the first and most important step to prevent further still, it's essential t

Rotate all access keys and credentials (including service principals, shared keys, and tokens)

Revoke any unauthorized role assignments or identities.

To unblock the subscription, you must create a support request with Microsoft to:

Request detailed analysis of the breach.

Ask for resource usage reports, timelines, and origin IPs.

Request for your subscription to be unblocked after cleanup and investigation.

Please follow the below steps to raise a request,
1.Go to Azure Portal -> Click on help+support -> create a support request

User's image

2. If you see Support AI Assistant as shown below, click Switch to classic experience button on right. If not, proceed to step #3

User's image

Choose these options,
User's image Please let me know if you are able to create a support request. If not, I will be able to help you in raising the request.

Share via

Azure subscription blocked due to abuse - suspected API key exposure and unknown resource deployment

1 answer

Your answer