An internal security review conducted by Microsoft revealed that more than 44 million user accounts are using usernames and passwords that have been leaked through security breaches.
In detail, a team of researchers from Microsoft's Threat Research scanned the usernames and passwords in use on its services between January and March 2019. The data was then compared to the list of 3 billion credentials, which revealed that 44 million passwords were being used on multiple sites.
Microsoft says that the passwords fell into two groups: one related to consumer user accounts (Microsoft Service Accounts) and the second related to enterprise accounts (Microsoft Azure AD logins).
All users whose accounts have been compromised will be asked to reset their passwords, and Microsoft is likely to send an email request to those impacted by the end of this month.
Note 1- Microsoft is urging its users not to use the same password for other online services. It is also asking users to choose a password that mixes alphanumeric characters with special characters and contains at least one or two capital letters.
Note 2- Nowadays, all companies offering online services let users use the same username and password across all their services. Google and Microsoft do the same, and so does Amazon.
Note 3- Using multi-factor authentication or 2FA makes sense... doesn't it?