Millions of Microsoft users are reusing passwords

News
By
last updated

44 million Microsoft users are guilty of credential reuse

(Image credit: Shutterstock)

After a scan of all of the company's user accounts conducted between January and March of this year, the Microsoft threat research team discovered that 44m users are reusing usernames and passwords that were leaked online following security breaches at other online services, despite the widespread availability of password managers.

The software giant explained that it scanned user accounts by using a database of more than three billion leaked credentials that it obtained from multiple sources including law enforcement and public databases.

By conducting the scan, Microsoft was able to identify users who had reused the same usernames and passwords across multiple online services. The company explained what it did after it discovered that users had reused usernames and passwords, saying:

"For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side. On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced."

Credential reuse

Microsoft and other tech giants typically warn users against using weak or simple passwords when creating an account but unfortunately these warnings do not apply when a someone reuses credentials from another service.

While Microsoft checks to make sure that its users are utilizing complex passwords, there is no way for the company to know if a user has reused that password for other services.

After a third-party service suffers a security breach that results in user credentials being leaked online, this also puts a user's Microsoft account at risk even if they have employed a strong password.

To prevent hackers and other malicious actors from taking over your accounts after a data breach, it is highly recommended that you use a unique password for each online service you use.

Via ZDNet

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
Nation-state threats are targeting UK AI research
Scam alert
Fake jobs and phone calls: How Americans lost $12.5 bn to fraud in 2024
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
Scam alert
A new SMS energy scam is using Elon Musk’s face to steal your money
Representational image of a cybercriminal
Allstate sued for exposing personal customer information in plaintext
Latest in News
Vision Pro Metallica
Apple Vision Pro goes off to never never land with Metallica concert footage
Mufasa is joined by another lion, a monkey and a bird in this promotional image
Mufasa: The Lion King prowls onto Disney+ as it finally gets a streaming release date
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
An Nvidia GeForce RTX 4060 on a table with its retail packaging
Nvidia RTX 5060 GPU spotted in Acer gaming PC, suggesting rumors of imminent launch are correct – and that it’ll run with only 8GB of video RAM
Indiana Jones talking to a friend in a university setting with a jaunty smile on his face
New leak claims Indiana Jones and the Great Circle PS5 release will come in April
A close up of the limited edition vinyl turntable wrist watch from AndoAndoAndo
This limited-edition timepiece turns the iconic Technics SL-1200 turntable into a watch, and I want one
More about security
Dr Chase Cunningham speaking at ZTW25

The grand delusion: endpoint protection isn’t the magic pill, says Dr Zero Trust
An American flag flying outside the US Capitol building against a blue sky

Sean Plankey selected as CISA director by President Trump
Privacy Hero II

I tested this secure router and the bundled year of VPN service feels mostly like a marketing exercise
See more latest
Most Popular
EDMONTON, CANADA - FEBRUARY 10: A woman uses a cell phone displaying the Open AI logo, with the same logo visible on a computer screen in the background, on February 10, 2025, in Edmonton, Canada
T-Mobile rival is giving free ChatGPT Plus, worth hundreds, to its subscribers - but there's a catch
Three photos of the iPad Air M3 and its camera
iPad Air M3 review roundup – should you buy Apple's new mid-range tablet?
Vision Pro Metallica
Apple Vision Pro goes off to never never land with Metallica concert footage
HP LaserJet Pro 3000 on modern office desk
Now HP printers are being bricked following firmware update
Meta QLC Server
Facebook engineers say bigger hard disk drives is making one critical metric far, far worse
Mufasa is joined by another lion, a monkey and a bird in this promotional image
Mufasa: The Lion King prowls onto Disney+ as it finally gets a streaming release date
Two iPhones showing Apple HomeKit settings
Still using an iPad as a Home Hub? Bad news – Apple is about to end support for it
Horizon Zero Dawn Remastered
Future PlayStation games could have AI-powered characters, if this leaked prototype of Aloy is anything to go by
An American flag flying outside the US Capitol building against a blue sky
Sean Plankey selected as CISA director by President Trump
Scam alert
Fake jobs and phone calls: How Americans lost $12.5 bn to fraud in 2024