After a scan of all of the corporate’s consumer accounts performed between January and March of this 12 months, the Microsoft threat research team found that 44m users are reusing usernames and passwords that had been leaked on-line following safety breaches at different on-line companies.
The software program large defined that it scanned consumer accounts through the use of a database of greater than three billion leaked credentials that it obtained from a number of sources together with legislation enforcement and public databases.
By conducting the scan, Microsoft was in a position to determine users who had reused the identical usernames and passwords throughout a number of on-line companies. The firm defined what it did after it found that users had reused usernames and passwords, saying:
“For the leaked credentials for which we discovered a match, we pressure a password reset. No further motion is required on the buyer aspect. On the enterprise aspect, Microsoft will elevate the consumer threat and alert the administrator so {that a} credential reset will be enforced.”
Credential reuse
Microsoft and different tech giants usually warn users towards utilizing weak or easy passwords when creating an account however sadly these warnings don’t apply when a somebody reuses credentials from one other service.
While Microsoft checks to guarantee that its users are using complicated passwords, there is no such thing as a approach for the corporate to know if a consumer has reused that password for different companies.
After a third-party service suffers a safety breach that ends in consumer credentials being leaked on-line, this additionally places a consumer’s Microsoft account in danger even when they’ve employed a robust password.
To forestall hackers and different malicious actors from taking on your accounts after an information breach, it’s extremely advisable that you simply use a unique password for every on-line service you employ.
Via ZDNet