Microsoft Suspends Developer Accounts for Major Open-Source Projects Without Warning
Microsoft has reportedly suspended developer accounts that were used to run multiple high-profile open-source projects without providing proper notification to the affected developers. According to a detailed report from Bleeping Computer, the list of impacted projects includes Virtual Private Network (VPN) software WireGuard, on-the-fly encryption (OTFE) utility VeraCrypt, the MemTest86 Random Access Memory (RAM) testing and diagnosis tool, and the Windscribe VPN software.
Developers Express Frustration Over Lack of Communication
VeraCrypt developer Mounir Idrassi revealed last week that Microsoft terminated the account he had used for years to sign Windows drivers and the bootloader. "Microsoft did not send me any emails or prior warnings. I have received no explanation for the termination and their message indicates that no appeal is possible," Idrassi stated, as quoted by the publication. He added that attempts to contact Microsoft through various channels only resulted in automated replies and bots, leaving him unable to reach a human representative.
Idrassi emphasized the severe impact on his project: "I cannot publish Windows updates. Linux and macOS updates can still be done but Windows is the platform used by the majority of users and so the inability to deliver Windows releases is a major blow to the project."
Similar Experiences Across Multiple Projects
The report indicates that WireGuard maintainer Jason A. Donenfeld and the development teams for Windscribe and MemTest86 had similar experiences. Donenfeld told Bleeping Computer, "No warning at all, no notification. One day I sign in to publish an update, and yikes, account suspended. Currently undergoing some sort of 60 days appeals process, but who knows." He expressed concern about potential security risks: "That's kind of crazy: what if there were some critical RCE in WireGuard, being exploited in the wild, and I needed to update users immediately?"
Microsoft's Explanation for the Suspensions
According to a TechCrunch report, Microsoft Vice President Scott Hanselman explained that the developer accounts were automatically suspended because they failed the "mandatory account verification for all partners in the Windows Hardware Program who have not completed account verification since April 2024." Hanselman noted that the company had been informing "everyone" about this requirement since October 2025.
In a March 30 update, Microsoft provided further clarification: "Account verification for the Windows Hardware Program has now concluded. Accounts that did not successfully complete account verification and received a Rejected verification status have been suspended from the Windows Hardware Program, and submissions from these accounts are no longer permitted."
Implications for the Open-Source Community
This incident raises significant concerns within the open-source community regarding:
- Communication gaps between large corporations and independent developers.
- Security vulnerabilities that may arise when critical updates cannot be deployed promptly.
- Reliance on proprietary platforms for distributing open-source software, which can lead to unexpected disruptions.
The suspensions highlight the challenges faced by developers who depend on Microsoft's ecosystem to reach a broad user base, particularly for Windows-based applications. As the situation unfolds, affected projects are exploring alternative distribution methods while awaiting potential resolutions through Microsoft's appeals process.
