[SoftTalker]

Don't pay it. Send them notice, by registered letter, that the charges are fradulent. If a credit card was charged, try to initiate a chargeback/fraud claim.

Once you pay it, you lose all leverage. You're much less likely to ever get any money back.

Probably consult with a lawyer.

Cloud hosting charges are basically all profit for the hosting company. They didn't really lose anything except a bit of electricity. In my experience, companies are pretty willing to forgive fraudulent charges if you don't have an unusual history of them.

[dusted]

Playing the devils advocate here (though, to be honest, I am very much a hosted-on-premise kind of angry old man here)..

Allowing that is a slippery slope for a cloud host. If people can simply say "oh, someone used our credentials to do that thing that cost a lot of money" as a get-out-of-bill card..

If they were legitimately hacked, as in, the intruder did NOT simply obtain their access credentials, but actually bypassed the security system itself (hacking into the actual azure host, or exploiting a technical glitch in the azure login system) then, of course they should forgive the bill (and apologize to their customers)..

[qolop]

It's definitely not a slippery slope. Firstly it's a drop in the ocean for cloud providers. Secondly, there's some effort required in establishing whether it was a case of stolen credentials or not. Not everyone is going to put in that effort to lie. And finally, you're forgetting that most cloud users are enterprises and small business that have some moral compass and aren't going to lie to the cloud providers to their face.

[Salgat]

If your business is dependent on Azure, what happens when they shut down your services for lack of payment? This seems extremely risky.

[Rastonbury]

They business might not be able to pay 100x their monthly cost either

[kelnos]

If choosing to go this route, back up any data stored on Azure, and start looking into how to migrate everything to AWS or GCP or something else, without incurring too much downtime. Refusing to pay the charge, issuing a chargeback, or even getting a lawyer involved could get OP's account terminated, or at least suspended.

[amerkhalid]

Or even go back to good old VPS/metal servers. Maybe a little more work upfront but less likely to have surprises like this. Also more competition in that space and no worries about vendor lock-ins.