Microsoft Uncover Leaked Credentials Affecting 44 Million Users


As reported by Forbes earlier this week, the Microsoft threat research team has revealed that more than 44 million user accounts had a serious security problem.

Considering that data breaches are known to have exposed 4.1 billion records in the first six months of 2019 alone, there’s obviously plenty of this kind of credential data floating around, and plenty that is traded across dark web markets. Security researchers analyze this breach data, and by doing so can get an idea of the most commonly reused, and therefore insecure, passwords. The Microsoft identity threat research team was also looking for these compromised credentials to cross-check against the Microsoft user ecosystem.

Across just the first three months of 2019, Microsoft found some 44 million accounts that were reusing passwords found within those breached credentials databases. You might think that 44 million reused passwords, out of more than 3 billion breached credentials, isn’t too bad a percentage. Unless you are one of those Azure AD or Microsoft Account holders with the password problem, of course.

What is password reuse?

Don’t think you are safe just because you don’t use any of the headline passwords mentioned in the “most reused passwords” lists that regularly appear online, as threat actors use a variety of techniques to reveal login credentials. If one of your passwords turns up in a breached database and you use it to access your email account, for example, it’s often game over as far as your security is concerned.

Password security advice for Microsoft users

Microsoft states that it’s “critical to back your password with some form of strong credential,” and suggests that Multi-Factor Authentication (MFA) is a recommended mechanism to achieve this. “Our numbers show that 99.9% of identity attacks have been thwarted by turning on MFA,” the report stated. Unfortunately, as Kolochenko said, while “Two (2FA) and Multi-Factor Authentication (MFA) can considerably reduce those risks, most users regard these as irritating inconveniences and would rather deactivate them whenever possible.”

Enterprise Users

The situation is less straightforward for business users. Microsoft stated that it would “elevate the user risk and alert the administrator,” for enterprise accounts, with the administrator then having to ensure a credential reset is enforced. The reused credentials statistics were not broken down into consumer and enterprise accounts, so it’s not clear as to how many businesses could be impacted by this.

Radius Technologies can help defend your business against potential cyberattacks. From IT security audits, security implementation to Dark Web Monitoring for your domain, contact our sales team today to start defending your business against costly cyberattacks.

 
