About 20 percent of Microsoft Account logins are found on lists of compromised credentials in the wake of hack attacks on other service providers, Eric Doerr, Group Program Manager for Microsoft's Account system said...
A significant proportion of compromised credentials Microsoft sees from other services have the same username and password on the Microsoft account system (formerly Windows Live ID) logins, which cover services such as Hotmail, Messenger and SkyDrive. These logins have not been compromised from the Microsoft server, but are instead based on login information leaked from other sites.
"These attacks shine a spotlight on the core issue people reuse passwords between different websites," he said. Microsoft regularly gets lists of compromised third-party login details from ISPs, law enforcement and vendors, as well as from lists published on the internet by hackers, according to Doerr. This information is checked against Microsoft login details using an automated process to check for any overlap. While 20 percent is the average, in one recent breach it was only 4.5 percent, said Doerr.
Like Just last week, both Yahoo! Voices and the Android forums at website Phandroid were hacked, resulting in the leakage of almost 1.5 million usernames and passwords. When a list of usernames and passwords are leaked, it seems that Microsoft have been running these against its database looking for matches. The results are quite shocking.
Company also revealed that it is working to tighten its security and one of such measures is going to be increase in the character limit in passwords to make Brute Force attack more difficult.
No comments:
Post a Comment