Microsoft discovered that there are millions of accounts whose owners use information that has been leaked through security violations, and that came after the threat research team at the company examined all Microsoft user accounts and found that 44 million users use weak data that has leaked over the Internet after security breaches in other services via Internet.
The examination process took place between January and March 2019, and the software giant said: It examined user accounts using a database of more than three billion leaked credentials, obtained from multiple sources, such as law enforcement agencies and public databases.
The examination helped Microsoft identify users who re-used the same usernames and passwords across different online accounts, and these accounts were distributed between regular user accounts used by consumers (Microsoft service accounts) and Microsoft Azure AD enterprise accounts
Microsoft said: We imposed a password reset for the leaked credentials that we found identical, and no further action is required on the consumer side. “Microsoft will institutionally raise the user’s risks and alert the administrator so that the credentials can be reset.”
The software giant is a strong advocate and promoter of MFA solutions, and said earlier this year: Enabling MFA security measures for Microsoft prevents 99.9 percent of all attacks and attempts to bypass MFA are so rare that the security team Her affiliate has no statistics on this type of threat.
Microsoft usually warns against using weak or easily guessable passwords when setting up an account, but these warnings do not cover password reuse scenarios, because users may use a strong password that is able to pass security tests, but Microsoft has no way to know if a user is This password may be reused elsewhere.
It is noteworthy that an academic research study conducted in 2018 that included 28.8 million user accounts has found that password reuse and small changes to the original password were common among 52 percent of users, and the same study also found that 30 percent of modified passwords and all words The reused pass can only be broken with 10 guesses.
0 Comments