Millions of Microsoft users are reusing passwords

44 million Microsoft users are guilty of credential reuse

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

After a scan of all of the company’s user accounts conducted between January and March of this year, theMicrosoft threat research teamdiscovered that 44m users are reusing usernames and passwords that were leaked online following security breaches at other online services, despite the widespread availability ofpassword managers.

The software giant explained that it scanned user accounts by using a database of more than three billionleaked credentialsthat it obtained from multiple sources including law enforcement and public databases.

By conducting the scan,Microsoftwas able to identify users who had reused the same usernames and passwords across multiple online services. The company explained what it did after it discovered that users had reused usernames and passwords, saying:

“For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side. On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced.”

Credential reuse

Microsoft and other tech giants typically warn users against using weak or simple passwords when creating an account but unfortunately these warnings do not apply when a someone reuses credentials from another service.

While Microsoft checks to make sure that its users are utilizing complex passwords, there is no way for the company to know if a user has reused that password for other services.

After a third-party service suffers a security breach that results in user credentials being leaked online, this also puts a user’s Microsoft account at risk even if they have employed a strong password.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

To prevent hackers and other malicious actors from taking over your accounts after a data breach, it is highly recommended that you use aunique passwordfor each online service you use.

ViaZDNet

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Viltrox is changing the game for camera lenses, with its latest premium prime matching Sony’s best for half the price