11 December 2019 18:36
Get the biggest daily stories by email Subscribe Thank you for subscribing We have more newsletters Show me See our privacy notice Could not subscribe, try again later Invalid Email Microsoft has reset 44million passwords and issued a warning to users as it confirmed that consumer and enterprise account details have been leaked. It is warning that all linked accounts with the same username and passwords may be at risk too, which means social media accounts, email address, or worse yet, bank details could be vulnerable to cybercriminals. A spokesman added: "Iit is critical to back your password with some form of strong credentials... Get the biggest Daily stories by email Subscribe Thank you for subscribing See our privacy notice Could not subscribe, try again later Invalid Email Microsoft has reset 44million passwords and issued an urgent warning as it confirmed that accounts have been hacked - and email addresses and passwords have been stolen and published online. The software giant is warning that all linked accounts with the same username and passwords may be at risk too, which means social media accounts, email address, or worse yet, bank details could be vulnerable to cybercriminals.
The leak was found by Microsoft's threat research team as they carried out a routine scan of all Microsoft accounts back in January and March and compared them with a database of hacked login credentials, reports The Express. Both Microsoft's consumer and enterprise accounts are understood to be affected. Out of the three billion on the database, Microsoft got 44 million matches and it's still unclear how these email addresses and passwords were stolen and published online. There has been a massive increase in the number of theses style of attacks recently, including the Strandhogg malware attack on Android devices which appeared as banking apps and then syphoned off key details. Microsoft has since reset all the accounts passwords and stated: "No additional action is required on the consumer side...
On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced." A spokesman added: "It is critical to back your password with some form of strong credentials... Multi-Factor Authentication can dramatically improve your security posture... Our numbers show that 99.9% of identity attacks have been treated by turning on MFA." To get MFA on your Microsoft account – head to account.microsoft.com/security and then sign-in with your Microsoft account details, or get a two-step logon process by opening "More Security Options" then find the "Two-Step Verification option" and choose "Set Up Two-Step Verification". If you enable the security-boosting feature it will mean you'll always need to have two forms of identification to login and if you forget them it can take you 30 days to regain access, Microsoft warns. In some scenarios, Microsoft could kick you out of your account entirely. For that reason, the US technology company strongly recommends you have three pieces of security info associated with your account – just in case.