Microsoft is resetting passwords of 44 million users, all for security


Disturbing news.

Unfortunately, data leaks, including logins and passwords for accounts on various websites are now commonplace. That is why it is extremely important to take care of your online security in every way – using two-step verification, different passwords for different accounts and, for example, regularly checking that your data was not part of any leak. If you don't do all this, you may belong to 44 million users of Microsoft services whose login details appear to be on the list of stolen data.

Between January and March 2019, Microsoft scanned its users' accounts using a database containing more than 3 billion data leaked credentials. The company obtained them from many sources, such as law enforcement agencies or public lists of stolen login information. The scan showed that as many as 44 million users of Microsoft services use logins and passwords that were part of leaks from other network services.

When anyone sets up an account with a Microsoft service, the company always warns not to secure this account with a too weak password that is easy to guess. In addition, it encourages the use of two-step verification, which according to statistics blocks 99.9% of all attempts to take over the account. However, Microsoft has no influence on whether someone uses login credentials as for a Microsoft account on other websites.

If you use one password for all your accounts on the Internet, if in the case of one of these accounts a data leak occurs, all your other accounts, including Microsoft account, will be automatically threatened – regardless of how strong your password is. Hackers can try to take over access to all these accounts – in Google, Facebook and Twitter accounts.

microsoft login

In connection with the Microsoft scan forced password reset on all accountswhose data was found in databases with leaked information. Although the company does not require users to perform any additional activities, we do we encourage you to visit the website Have I Been Pwned, where after entering your email address you will find out whether your data was stolen as part of any leakage and whether it was pasted on the list of stolen data. In addition, use the tool on the same website Pwned Passwords, which after entering the password will tell you whether the password was stolen and how many times it was seen. If your password is not secure, just change it. Also, remember to enable two-step verification.

Source: ZDNet