Microsoft’s threat research team analyzed a database containing over 3 billion leaked credentials and found that 44 million of its users are using usernames and passwords that have been leaked in security breaches.
As ZDNet reports, the tech company scanned all Microsoft accounts between January and March of this year. Microsoft then compared the accounts to the database of leaked credentials and discovered 44 million matches.
The accounts include regular user accounts as well as Azure AD accounts.
In response to the discovery, Microsoft says:
“For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side … On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced.”
Additionally, Microsoft recommends that users strengthen their security by implementing Multifactor Authentication (MFA).
“Given the frequency of passwords being reused by multiple individuals, it is critical to back your password with some form of strong credential. Multi-Factor Authentication (MFA) is an important security mechanism that can dramatically improve your security posture. Our numbers show that 99.9% of identity attacks have been thwarted by turning on MFA.”