INSUBCONTINENT EXCLUSIVE:
After a scan of all of the company's user accounts conducted between January and March of this year, the Microsoft threat research team
discovered that 44m users are reusing usernames and passwords that were leaked online following security breaches at other online
services.The software giant explained that it scanned user accounts by using a database of more than three billion leaked credentials that
it obtained from multiple sources including law enforcement and public databases.By conducting the scan, Microsoft was able to identify
users who had reused the same usernames and passwords across multiple online services
The company explained what it did after it discovered that users had reused usernames and passwords, saying:"For the leaked credentials for
which we found a match, we force a password reset
No additional action is required on the consumer side
On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be
enforced."Microsoft and other tech giants typically warn users against using weak or simple passwords when creating an account but
unfortunately these warnings do not apply when a someone reuses credentials from another service.While Microsoft checks to make sure that
its users are utilizing complex passwords, there is no way for the company to know if a user has reused that password for other
services.After a third-party service suffers a security breach that results in user credentials being leaked online, this also puts a user's
Microsoft account at risk even if they have employed a strong password.To prevent hackers and other malicious actors from taking over your
accounts after a data breach, it is highly recommended that you use a unique password for each online service you use.Via ZDNet
