Compromised Passwords Used on 44 Million Microsoft Accounts
44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking due to use of compromised passwords, Microsoft has shared.
The discovery was made in the first quarter of 2019, when the company’s identity threat research team checked billions of credentials compromised in different breaches against Microsoft consumer and enterprise account credentials.
Data breaches have become a fact of life for both businesses and individuals, making password reuse across online accounts a big problem. Year after year, surveys show that convenience trumps security for too many users – even infosec professionals.
Some organizations set up stringent password rules to prevent users from choosing short, predictable and easy-to-guess passwords. To help with that Microsoft has, for example, provided Azure AD Password Protection to enterprise users.
Google has also offered Chrome users an extension that detects username/password combinations that have been compromised due to breaches and recently built the technology into Google Account’s Password Manager (and soon the Chrome browser).
Read more: Help Net Security