Microsoft locks out VeraCrypt and WireGuard devs, blames verification process

What happened

It has been reported that two high-profile open-source maintainers — Mounir Idrassi of VeraCrypt and Jason Donenfeld of WireGuard — were abruptly locked out of their Microsoft developer accounts, leaving them unable to sign drivers or publish updates. Idrassi said, "Microsoft did not send me any emails or prior warnings," and allegedly received a termination notice that forbade appeal. Donenfeld described a similar surprise: one day he logged in to publish an update, and "yikes, account suspended." No human contact, only canned replies and bots, according to both.

Why it matters

This isn't just an admin headache. Signed updates and drivers are how kernel-level security fixes reach Windows users. Donenfeld warned — with a touch of gallows humor ("Jiminy Cricket!") — that the lockout could leave WireGuard unable to push patches if a zero-day were found. The outage also created a classic catch‑22: Microsoft’s AI-driven appeals tool would not let him select the deactivated workplace, so he could not file the appeal that would restore the account. A workaround — emailing other Microsoft teams and leaning on contacts — got an appeal logged, but it reportedly carries a 60‑day wait.

Microsoft response

Microsoft says it will work on how it communicates with developers, and it has been reported that the company attributed the incident to its automated verification processes. No detailed public explanation or timeline for faster remediation has been offered, and both maintainers say they have yet to receive clear human-led guidance. The episode raises fresh questions about reliance on automation for gatekeeping critical open‑source infrastructure — and who bears the risk when the robots go on strike.

Sources: The Register