by causi 1278 days ago
Because it wasn't OP who was hacked? The victim of the crime is Azure, not OP. If I have an Xbox account and someone hacks it and buys a bunch of games, it is the criminal who is deceiving Microsoft into thinking they are someone else. Microsoft trying to charge me for something someone else did would just be a second incidence of fraud. I could leave my Amazon account open on my desk and, assuming I could prove it with security camera footage, someone could walk up and order something and it still would be them defrauding Amazon, not them defrauding me.
3 comments

I'm not a lawyer, so this is not a legal prescription (I do not know who is legally liable in this scenario, I suspect it depends a lot on the details).

That said, it seems like for society to work as it does we need people to take some level of responsibility over their action and inaction related to account security. If I live in the world you describe all online services will be forced to make you upload a photo ID for each purchase to confirm it is you.

The problem with this stance is that the corporation naturally has much more power in the economic relationship than the customer does. If you give the vendor too much leeway to say "the customer should have been more careful with their credentials!" then they will always say that -- and usually prevail in that opinion -- even when the customer couldn't reasonably have done better.
You seem to believe I said something like "we should always believe the company no matter what the evidence says", but if you reread my comment you'll find that I didn't.
Azure bills on credit, i.e., you spend and pay later. That's up to them, but it's far riskier than prepurchased credits.

I'd find a jury unwilling to believe that a similar real life scenario would raise no flags. It's only a flag raiser because tech companies have automated away all human interaction with billing. Imagine someone claiming to be Bob, who regularly shops at the grocery store for 100 dollars a week, now wants to come in and spend, say, 10,000 dollars, on credit. This would be a red flag to any proprietor. Now imagine that proprietor going after Bob, who was not there, and claiming he is responsible.

We don't know enough about what happened but I disagree this should be an automatic red flag from the provider's side. I'm sure Azure has spending limits and alarms that one can set up (and probably should).

The attitude of "provider should eat the cost" is ripe for abuse. I can set up some expensive GPU instances to train my GPT4 clone (millions worth of compute), then, after getting my models, claim I was "hacked" and refuse to pay my bill. Or maybe (more benign) have some buyer's remorse after setting up a public instance for people to test out my new AI product, then get scared when it gets the HN "hug of death" and my bill skyrockets.

This is 100% OP’s fault, it’s not like Azure itself was breached. Their account got hacked due to weak security practices on their part.