Microsoft is warning Windows 10 PC owners that 44 million accounts have been exposed to hackers and cybercriminals – could yours be one of them?
Microsoft confirmed the leak, saying that if your details were among those published online, you need to change the password on every account that uses the same combination of email address and password. The leak could leave all your social media accounts, email accounts, even your bank details vulnerable to hackers.
Microsoft’s threat research team uncovered the massive leak during a routine scan of every Microsoft account between January and March 2019, comparing the details with a database containing over three billion sets of leaked login credentials. That comparison produced 44 million hits on matched credentials, but what Microsoft isn’t clear on is how the details were stolen and then published online.
That said, hackers have carried out many attacks over the years. Take Android users, for example; earlier this month, they were warned about Strandhogg, a strain of malware mimicking the login pages of some banking apps to allow hackers to obtain sensitive data. Malware like that could be used almost anywhere to obtain login details, including those for Microsoft accounts.
The Redmond company says that the accounts are a mix of consumer and Enterprise accounts with Azure logins. It says it forced a password reset once the details were known, so it is worth checking your email to see if you got a Microsoft email about a hard reset – that will tell you if your details were among the 44 million.
Microsoft also said, “Given the frequency of passwords being reused by multiple individuals, it is critical to back your password with some form of strong credential. Multi-Factor Authentication (MFA) is an important security mechanism that can dramatically improve your security posture. Our numbers show that 99.9% of identity attacks have been thwarted by turning on MFA.”
You can check out using MFA here, but be aware that you need two forms of identification for logging in. If you forget your password, you need to provide two contact methods so Microsoft can contact you and get you back in. Forget your contact method and it could take up to 30 days to get access back; that’s if Microsoft doesn’t throw you out altogether.
That’s why they recommend three bits of security information – just to cover your own back.