Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
FCC Bans Chinese Telecom Equipment From Huawei, ZTE, Others Over Security Risks
July 2, 2026
Critical JetBrains Flaws Allow Auth Bypass, Code Execution
July 2, 2026
Critical Microsoft Defender, Sysmon Flaw Lets Attackers Disable Security
July 2, 2026
Home/CyberSecurity News/Microsoft Suspends Developer Accounts for Open-Source Projects
CyberSecurity News

Microsoft Suspends Developer Accounts for Open-Source Projects

Key Takeaways Microsoft has suspended the developer accounts for prominent open-source security projects VeraCrypt and WireGuard. The suspensions prevent these projects from signing critical Windows...

David kimber
David kimber
April 9, 2026 4 Min Read
28 0

Key Takeaways

  • Microsoft has suspended the developer accounts for prominent open-source security projects VeraCrypt and WireGuard.
  • The suspensions prevent these projects from signing critical Windows drivers, halting updates and potentially impacting functionality for millions of users.
  • The issue appears to stem from Microsoft’s stricter identity verification policies, which developers claim were enforced without prior notification.
  • Microsoft developer advocates are working to resolve the situation, but the incident highlights the fragility of open-source projects reliant on major platform gatekeepers.

Microsoft has abruptly suspended the Windows Hardware Program developer accounts for two widely used open-source security tools, VeraCrypt and WireGuard. This action effectively blocks their ability to digitally sign drivers and distribute essential updates to a vast user base on Windows operating systems. Developers for both projects reported receiving no advance warning or explanation for the immediate lockout.

Table Of Content

  • Key Takeaways
  • Stricter Verification Rules Implicated in Suspensions
  • What You Should Do

Mounir Idrassi, the principal developer behind the disk encryption software VeraCrypt, publicly disclosed on March 30 via a SourceForge post that Microsoft had unexpectedly terminated the account he utilized for years to sign Windows drivers and the bootloader component.

“I didn’t receive any emails from Microsoft nor any prior warnings,” Idrassi informed 404 Media. A few days later, Jason Donenfeld, the creator of the popular WireGuard VPN protocol, revealed he had encountered an identical account suspension. He also stated he received no notification from Microsoft regarding any new identity verification requirements. VPN provider Windscribe subsequently reported a similar account suspension, suggesting a broader enforcement action by Microsoft.

It appears @Microsoft is actively suspending developer accounts with no warning or reason of various security tools like VeraCrypt, WireGuard and also Windscribe. We’ve had this VERIFIED account for 8+ years to sign our drivers.

We’ve been trying to resolve this for over a… https://t.co/7VcnAQIbnP pic.twitter.com/7VcnAQIbnP

— Windscribe (@windscribecom) April 8, 2026

A valid Microsoft developer account is mandatory for authenticating third-party drivers on Windows 10 and 11. Without a properly signed driver, Windows operating systems will flag it as unsigned and prevent it from loading at the kernel level. This renders new software builds effectively unusable for end-users.

Stricter Verification Rules Implicated in Suspensions

The root cause of these suspensions appears to be Microsoft’s enforcement of more stringent identity verification policies within its Partner Center program. Microsoft initiated tighter multi-factor authentication (MFA) and identity verification requirements starting October 2025, with full API enforcement taking effect on April 1, 2026.

This updated policy mandates that developers undergo re-verification through approved third-party identity verification vendors (IDVs), typically requiring government-issued identification documents. Accounts where identity verification fails and no “Fix now” option is provided are automatically suspended, often without further recourse for the developer.

Crucially, neither Idrassi nor Donenfeld seems to have been informed that re-verification was necessary, leaving both developers unprepared for the account terminations.

The ramifications of these suspensions extend beyond mere administrative inconvenience. VeraCrypt stands as one of the most trusted open-source disk encryption utilities for Windows, relied upon globally by individuals prioritizing privacy, journalists, and various enterprises.

Idrassi has cautioned that if the issue remains unresolved, Windows Secure Boot will prevent VeraCrypt from encrypting system drives as of June 2026, describing the situation as a potential “death sentence for VeraCrypt.”

For WireGuard, the suspension means Donenfeld is currently unable to release updates for WireGuard on Windows. This could leave users vulnerable if a security flaw is discovered before the issue is resolved.

The incident quickly garnered attention within Microsoft. Scott Hanselman, a prominent developer advocate at Microsoft, intervened by directly contacting both developers via email and committing to expedite a resolution.

As of April 9, resolutions are anticipated soon, though both developers are presently navigating a 60-day appeals process with no guaranteed outcome. This episode has reignited discussions about the inherent fragility of critical open-source infrastructure when it depends on the gatekeeping mechanisms of a single vendor.

This incident vividly illustrates a systemic risk: open-source security projects that form the bedrock of global privacy infrastructure remain precariously dependent on opaque, automated enforcement systems managed by large platforms. When these systems malfunction silently and without clear appeal pathways, the downstream consequences for end-user security can be both severe and immediate.

What You Should Do

  • For VeraCrypt users: Monitor official VeraCrypt channels for updates. Be aware of potential future compatibility issues with Secure Boot if the signing problem is not resolved by June 2026.
  • For WireGuard users: Be aware that new updates for WireGuard on Windows are currently stalled. Ensure your existing WireGuard installation is up-to-date with the last signed version.
  • For all Windows users: Exercise caution with any unsigned drivers. Windows is designed to block unsigned drivers for security reasons.
  • For open-source developers: Review Microsoft’s Partner Center identity verification policies, especially regarding re-verification requirements, to avoid unexpected account suspensions.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

SecurityVulnerability

Share Article

David kimber

David kimber

David is a penetration tester turned security journalist with expertise in mobile security, IoT vulnerabilities, and exploit development. As an OSCP-certified security professional, David brings hands-on technical experience to his reporting on vulnerabilities and security research. His articles often feature detailed technical analysis of exploits and provide actionable defense recommendations. David maintains an active presence in the security research community and has contributed to multiple open-source security tools.

Previous Post

Critical Chrome Vulnerabilities Let Attackers Execute Arbitrary Code

Next Post

Hackers Claim 10 PB Data Stolen From China’s Tianjin Supercomputer Center

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
WinRAR 7.23 Patches Critical Heap Overflow Vulnerability CVE-2024-XXXX
July 2, 2026
Medtronic Confirms Data Breach, Corporate IT Systems Compromised
July 2, 2026
Critical ClamAV Vulnerabilities Let Attackers Trigger DoS
July 2, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us