Microsoft Suspends Developer Accounts of High-Profile Open-Source Projects

Home Cyber Security News Microsoft Suspends Developer Accounts of High-Profile Open-Source Projects Microsoft has suspended the Windows Hardware Program developer accounts of two critical open-source security projects, VeraCrypt and WireGuard, blocking their ability to sign drivers and push updates to millions of Windows users, with no prior warning or explanation provided to the developers. Mounir Idrassi, the lead developer of VeraCrypt, revealed in a March 30 post on SourceForge that Microsoft had abruptly terminated the account he had relied on for years to sign Windows drivers and the bootloader. “I didn’t receive any emails from Microsoft nor any prior warnings,” Idrassi told 404 Media. Days later, Jason Donenfeld, creator of the widely used WireGuard VPN protocol, disclosed that he had faced an identical lockout without any notification from Microsoft about a new identity verification requirement. VPN provider Windscribe also reported a similar account suspension, suggesting a broader enforcement sweep. IT APPEARS @MICROSOFT IS ACTIVELY SUSPENDING DEVELOPER ACCOUNTS WITH NO WARNING OR REASON OF VARIOUS SECURITY TOOLS LIKE VERACRYPT, WIREGUARD AND ALSO WINDSCRIBE. WE'VE HAD THIS VERIFIED ACCOUNT FOR 8+ YEARS TO SIGN OUR DRIVERS. WE'VE BEEN TRYING TO RESOLVE THIS FOR OVER A… HTTPS://T.CO/IWKRYUWKUO PIC.TWITTER.COM/7VCNAQIBNP — Windscribe (@windscribecom) April 8, 2026 A Microsoft developer account is required to authenticate third-party drivers on Windows 10 and 11. Without a valid, signed driver, Windows marks it as unsigned and prevents it from loading at the kernel level, making new builds functionally undeliverable to end users. Suspended Developer Accounts The suspensions appear to stem from Microsoft’s tightening of identity verification policies under its Partner Center program. Microsoft began enforcing stricter MFA and identity verification requirements beginning October 2025, with full API enforcement kicking in on April 1, 2026. The new policy requires developers to undergo re-verification through trusted third-party identity verification vendors (IDVs) using government-issued ID documents. Accounts where identity verification is rejected and no “Fix now” option is presented are automatically suspended with no further recourse. Neither Idrassi nor Donenfeld appears to have been notified that re-verification was required, leaving both developers effectively caught off guard. The impact extends far beyond a bureaucratic inconvenience. VeraCrypt is one of the most trusted open-source disk encryption tools for Windows, relied upon by privacy-conscious individuals, journalists, and enterprises worldwide. Idrassi has warned that if the issue remains unresolved, Secure Boot will refuse to allow VeraCrypt to encrypt system drives as of June 2026, describing the situation as a potential “death sentence for VeraCrypt”. For WireGuard, the suspension means Donenfeld cannot ship updates to WireGuard for Windows, leaving users potentially exposed if a vulnerability is discovered in the interim. The incident drew swift attention from inside Microsoft itself. Developer advocate Scott Hanselman stepped in, reaching out directly to both developers via email and pledging to expedite a resolution. As of April 9, resolutions are expected shortly, though both developers are currently navigating a 60-day appeals process with no guaranteed outcome. The episode has reignited criticism over the fragility of critical open-source infrastructure when it depends on a single vendor’s gatekeeping mechanisms. This incident underscores a systemic risk: open-source security projects that underpin global privacy infrastructure remain dangerously dependent on opaque, automated enforcement systems at large platforms. When those systems misfire silently and without appeal pathways, the downstream consequences for end-user security can be severe and immediate. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. RELATED ARTICLESMORE FROM AUTHOR Cyber Security News New RoningLoader Campaign Uses DLL Side-Loading and Code Injection to Evade Detection Chrome Critical Chrome Vulnerabilities Let Attackers to Execute Arbitrary Code Cyber Security News New Silver Fox Campaign Hides ValleyRAT Inside Fake Telegram Chinese Language Pack Installer Top 10 Top 10 Best User Access Management Tools in 2026 April 4, 2026 Top 10 Best VPN For Chrome in 2026 April 4, 2026 20 Best Application Performance Monitoring Tools in 2026 April 3, 2026 Top 10 Best VPN For Linux In 2026 April 3, 2026 10 Best VPN For Privacy In 2026 April 2, 2026