Between January and March 2019, Microsoft scanned its users' accounts using a database containing more than 3 billion data leaked credentials. The company obtained them from many sources, such as law enforcement agencies or public lists of stolen login information. The scan showed that as many as 44 million users of Microsoft services use logins and passwords that were part of leaks from other network services.
When anyone sets up an account with a Microsoft service, the company always warns not to secure this account with a too weak password that is easy to guess. In addition, it encourages the use of two-step verification, which according to statistics blocks 99.9% of all attempts to take over the account. However, Microsoft has no influence on whether someone uses login credentials as for a Microsoft account on other websites.
If you use one password for all your accounts on the Internet, if in the case of one of these accounts a data leak occurs, all your other accounts, including Microsoft account, will be automatically threatened – regardless of how strong your password is. Hackers can try to take over access to all these accounts – in Google, Facebook and Twitter accounts.
In connection with the Microsoft scan forced password reset on all accountswhose data was found in databases with leaked information. Although the company does not require users to perform any additional activities, we do we encourage you to visit the website Have I Been Pwned, where after entering your email address you will find out whether your data was stolen as part of any leakage and whether it was pasted on the list of stolen data. In addition, use the tool on the same website Pwned Passwords, which after entering the password will tell you whether the password was stolen and how many times it was seen. If your password is not secure, just change it. Also, remember to enable two-step verification.