A federal judge granted Microsoft’s motion to dismiss a lawsuit alleging that the company misused a security threat intelligence firm’s proprietary database of more than 360 million compromised account logins and passwords.
However, the Dec. 5 ruling by U.S. Senior District Judge Marsha J. Pechman in Seattle left the door open for Hold Security LLC to refile the case to address what the judge found to be shortcomings in its facts and arguments.
Hold Security, based in the Milwaukee area, alleged in its suit earlier this year that Microsoft misused Hold’s database of stolen account credentials, culled from the dark web, by going beyond the scope of the contract between the companies, which was aimed at protecting Microsoft customers.
As reported by GeekWire at the time, the suit by Hold Security alleged that Microsoft used the data to help launch its own service, Active Directory Federation Services, and applied the data to LinkedIn and GitHub, two companies acquired by Microsoft in 2016 and 2018, respectively.
Microsoft argued in its Aug. 4 motion to dismiss, “The plain language of the contract directly contradicts Hold’s theory, which unsurprisingly rests on statements in a pre-contractual e-mail that were omitted from, and expressly superseded by, the contract at issue.”
The Redmond company asked the court to dismiss Hold’s suit with prejudice, meaning that Hold wouldn’t have the option to refile its complaint, but Pechman in her ruling this week declined to go that far, raising the possibility that the case could continue if the plaintiff decides to reformulate its complaint.
Hold’s complaint was originally filed in King County Superior Court in Seattle in June but was was moved to U.S. District Court shortly thereafter.