44 million Microsoft accounts found to be using breached passwordsAuthor : AZIndia News Desk
American multinational tech giant, Microsoft has revealed that 44 Million accounts were found using breached user names and passwords.
The breached accounts included Microsoft service accounts, which are essentially consumer accounts, and enterprise accounts (Azure AD logins).
The vulnerability of the Microsoft accounts was found when the company's threat research team conducted a scan of its accounts between January and March, in which the accounts were matched to three billion sets of leaked credentials, and found 44 million matches.
Microsoft in a statement clarified that they have forced a password reset on the consumer accounts with leaked credentials. "For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side ... On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced."
Microsoft also recommended customers to back passwords with strong security mechanisms. "It is critical to back your password with some form of strong credential. Multi-Factor Authentication (MFA) is an important security mechanism that can dramatically improve your security posture. Our numbers show that 99.9% of identity attacks have been thwarted by turning on MFA." a statement by Microsoft read.