Microsoft: 44 Million Passwords Have Been Breached
Tech giant Microsoft has made a public statement urging its users to reset their passwords after discovering that tens of millions of them have been using login credentials that were breached in the past.
These exposed credentials put individuals and organisations alike at risk of a cyber breach and account takeover, and were discovered during a three-month study conducted earlier this year.
Between January and March 2019, Microsoft’s threat research team checked the credentials of more than 3 billion logins known to have been compromised by hackers, drawing on third-party sources, law enforcement and public databases.
Microsoft found that more than 44 million Microsoft Services Accounts (used mostly by consumers) and AzureAD accounts were amongst the list of breached accounts, putting organisations at risk of a cyber breach and individuals at risk of identity and monetary theft by a willing hacker.
“For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side,” Microsoft explained in a statement. “On the enterprise side, Microsoft will elevate the user risk and alert to the administrator so that a credential reset can be enforced.”
“Given the frequency of passwords being reused by multiple individuals, it is critical to back your password with some form of strong credential. Multi-Factor Authentication (MFA) is an important security mechanism that can dramatically improve your security posture,” the company stated.
Microsoft says that more than 99.9% of identity attacks could in some way be prevented or mitigated by enabling multi-factor authentication.
According to Info Security Magazine, “the advice is especially important in the context of ongoing credential stuffing attacks. A report from Akamai earlier this year claimed that such attacks are costing the average EMEA firm on average $4 million annually in app downtime, lost customers and extra IT support.”
This is in addition to a 2018 study purporting to show, across more than 30 million users, that password reuse was a normal habit of more than half (52%) of users, while nearly one-third (30%) of modified passwords were simple enough for a hacker to guess within just ten guesses.
A poll from Google shows the extent of the problem: a mere 35% of its users used different passwords across all their accounts, and just under one-quarter (24%) used a password manager to keep their login details secure.