Microsoft’s security experts have compared publicly available account data with the accounts of their own customers and made an unpleasant discovery: 44 million accounts were “protected” with passwords that were also used for other services.
For the comparison, which took place back in spring 2019, Microsoft's team used a database of around three billion stolen accounts that was freely available on the Internet. It turned up the 44 million matches mentioned above. Both Microsoft private accounts and Azure customer accounts were affected.
The affected customers have been informed by Microsoft. Owners of Microsoft private accounts are asked to reset their passwords; for the affected company accounts, the responsible administrator has been informed.
In this context, Microsoft also refers to a study according to which it is entirely common for 52 percent of all users to reuse passwords or to change them only slightly (and if you ask me, at least half of the remaining 48 percent lied in this survey).
In this context, I can and must warn emphatically: don’t take this lightly. Many a Microsoft account is worth a fortune when you consider that all digital purchases from Microsoft are linked to it. You should guard your account just as carefully as you would the corresponding amount of cash. In any case, use 2-factor authentication, so that your password is basically worthless to an attacker.
For everyone who thinks “nothing will happen”, here is a little story that I recently had on my desk: someone had not adequately protected their Microsoft account. The password was stolen and something was “done” with the account. We still don’t know what exactly, but it was definitely so serious that Microsoft finally blocked the account, and all related purchases such as Xbox games etc. were lost. According to the terms and conditions, this is intended for serious violations. I was also unable to help the person concerned through my contacts in the relevant support teams.