Microsoft conducted a scan of the company's user accounts and found that millions of users were reusing usernames and passwords that had been leaked online following security breaches at other online services.
Microsoft users are re-using passwords
Microsoft's threat research team scanned user accounts between January and March 2019 by using a database of more than three billion leaked credentials from various sources including law enforcement agencies and public databases, as per ZDNet.
The search effectively allowed Microsoft to identify users who were reusing the same usernames and password that they login into other online platforms with. The scan found a total of 44 million users were doing this and putting themselves at risk of being hacked.
We're all only human and one thing that all have in common is that we usually have a hard time remembering the dozens of passwords we use each and every day to log in to our email, bank accounts, app stores and dating services. For now, Microsoft has sent a password reset request to the identified users but those who use the same credentials across multiple websites are vulnerable to hacking attempts.
Hackers use Username and Password combos
Hackers are extremely skilled at finding the chinks in your security armour, and they'll jump at the chance to take advantage of people who use the same password for multiple accounts.
If an online account you use suffers a security breach and your password is stolen and leaked online, it puts the other accounts at risk, even if you've set a really strong password.
Hackers can easily gain access to accounts of users who reuse passwords from other accounts by using email and password combinations leaked online.
Microsoft does warn users against using weak or easy-to-guess passwords when setting up an account, but these warnings do not cover the reuse of passwords, and it's understandable why – Microsoft has no way of knowing whether the user has reused that password for another account.
In order to protect your account and prevent hackers from taking over your account, we advise you to use a unique password for each website or platform you sign up for.