Microsoft recently completed a detailed database analysis of 3 billion credentials leaked in security breaches, comparing them against Microsoft Accounts. The result was astonishing: more than 44 million Microsoft Accounts have been using breached user names and passwords. The breached credentials came from multiple sources, including law enforcement agencies and authorities and publicly accessible databases, according to Microsoft. The report raises concerns and sheds light on other breach data available in the dark markets of the internet. The analysis of the credentials is expected to reveal the most commonly reused, and therefore weak and insecure, passwords and usernames. During the analysis, the Microsoft identity threat research team was also looking for these weak credentials to compare and cross-check against the Microsoft user ecosystem to make sure that fair practices are being implemented.
The aforementioned Microsoft Accounts were reportedly found in the first three months of 2019, as they were reusing passwords found within those breached credential databases. Threat actors use a variety of techniques to break into systems and obtain login credentials. If a password turns up in a breached database and is also used to access an email account, one's entire security is at stake, and this is an international problem that needs to be addressed. The Microsoft Security Intelligence Report looked at identity-based threats and warned about replay attacks. In this attack, the actor tries the same Microsoft Account credentials on different service accounts to see if there is a match. Eoin Keary, CEO at Edgescan, told the media that this type of attack is one of the techniques most commonly adopted by attackers.
Microsoft has confirmed that consumers and internet service users do not need to take any additional action, as Microsoft has already forced a password reset. Though that is a relief for these 4 million users, the threat cannot be taken lightly. Microsoft said the situation is less risky for business users: for enterprise accounts, it detects the user risk and informs the administrator beforehand, and the administrator then confirms and ensures that a strong credential reset is enforced. It's critical to back a password with some form of strong credential, and Multi-Factor Authentication (MFA) is a recommended mechanism to achieve this, Microsoft suggested. The study shows that 99.9 per cent of identity attacks have been thwarted by turning on MFA. Yet most users regard these as irritating inconveniences and would rather deactivate them whenever possible, said Ilia Kolochenko, CEO of ImmuniWeb.
We all need to change our mindset when logging in or letting an online browser remember an online account or its credentials; online accounts should be taken care of in the same way as we take care of our financial accounts and data, said Gavin Millard, vice-president of intelligence at Tenable. We should refrain from reusing passwords, and should also make them stronger, particularly for accounts where we're sharing sensitive details or personal information, he concludes. Password managers are a baseline security measure anyone can adopt. They make it easy to create and use a secure, random and complex password for every account and site you use, with password auditing functionality as an added bonus. Beyond this, Google has a password checkup function that works with the Google account password manager and checks for reuse against a database of leaked credentials, and so does Firefox.
Source: Republic World