Microsoft has discovered that over 44 million users of its Azure and Microsoft Services Accounts (MSA) are using leaked credentials to log into their accounts.
The Microsoft identity threat research team regularly checks billions of credentials obtained from different breaches to look for compromised credentials in the Microsoft systems.
In 2019, the threat research team checked over three billion credentials and found a match for over 44 million Azure AD and Microsoft Services Accounts.
“For the leaked credentials for which we found a match, we force a password reset. No additional action is required on the consumer side,” the company said in a statement.
On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced.
“Given the frequency of passwords being reused by multiple individuals, it is critical to back your password with some form of strong credential,” suggested the tech giant.
Multi-Factor Authentication (MFA) is an important security mechanism that can dramatically improve your security posture.
“Our numbers show that 99.9 per cent of identity attacks have been thwarted by turning on MFA,” said Microsoft.