author: Laty
99.9% of Hacked Microsoft Accounts Were Not Properly Secured
Microsoft engineers warn that attackers are breaking into accounts that do not have multi-step authentication enabled. 1.2 million accounts were attacked in January alone.
At the end of February, Microsoft's engineers hosted a panel at the RSA conference. During the conference, they stated that 99.9% of hacked accounts in Microsoft's services did not have multi-step authentication enabled. The Redmond giant revealed that it registers more than 30 billion logins a day, and that one billion active users use its services every month. Statistically, each month about 0.5% of accounts are attacked by hackers, which in January this year alone translated into about 1.2 million accounts.
The engineers pointed out that their biggest concern is the hacking of accounts used for corporate purposes, which may contain confidential data that should not be revealed. These accounts are a prime target for hackers, and only 11% of Microsoft's services used by corporations have sufficient security features in place.
How do hackers hack into accounts?
Usually hackers do not use any complicated methods to get into someone's account. Most hacking is done by password spray. This is a technique in which the attacker chooses one password and tries it against many different accounts until one of them accepts it.
The second method mentioned by Microsoft's engineers is using passwords that have already leaked. The hacker obtains login data that leaked from other services the users signed up for and tries it against Microsoft's services, hoping that the user has used the same username and password again.
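From the defender's side, a password spray shows up in sign-in logs as one source failing against many accounts with only a try or two per account, which per-account lockout counters miss. The following sketch is an added example, not code from Microsoft or from the panel; the log format, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (not real data): time, source IP, account, result.
SAMPLE_LOG = """\
2020-01-14T09:00:01 203.0.113.7 alice@example.com FAIL
2020-01-14T09:00:40 203.0.113.7 bob@example.com FAIL
2020-01-14T09:01:15 203.0.113.7 carol@example.com FAIL
2020-01-14T09:01:20 192.0.2.10 carol@example.com FAIL
2020-01-14T09:01:32 192.0.2.10 carol@example.com OK
2020-01-14T09:01:58 203.0.113.7 dave@example.com FAIL
2020-01-14T09:02:30 203.0.113.7 erin@example.com FAIL
2020-01-14T09:03:05 203.0.113.7 frank@example.com OK
2020-01-14T09:10:00 198.51.100.9 bob@example.com FAIL
2020-01-14T09:10:02 198.51.100.9 bob@example.com FAIL
2020-01-14T09:10:04 198.51.100.9 bob@example.com FAIL
"""

def parse(log):
    """Yield (time, source, account, succeeded) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, src, account, result = line.split()
            yield datetime.fromisoformat(ts), src, account.lower(), result == "OK"

def detect_spray(events, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Flag sources failing against many accounts with few tries per account."""
    events = sorted(events)
    failures = defaultdict(list)
    for when, src, account, ok in events:
        if not ok:
            failures[src].append((when, account))
    flagged = {}
    for src, items in failures.items():
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:  # slide the window
                start += 1
            tries = Counter(account for _, account in items[start:end + 1])
            # Many accounts, few tries each: spray rather than single-account guessing.
            if len(tries) >= min_accounts and max(tries.values()) <= max_per_account:
                hits = sorted({a for _, s, a, ok in events if s == src and ok})
                flagged[src] = {"targets": sorted(tries), "succeeded": hits}
                break
    return flagged

if __name__ == "__main__":
    for src, info in detect_spray(parse(SAMPLE_LOG)).items():
        print(src, info)
```

Accounts listed under `succeeded` are the ones where the flagged source also logged in, so they are the first candidates for a password reset and session revocation.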
"Currently, about 60% of users are reusing passwords that have already been leaked," said Lee Walker, an identity security specialist.
Microsoft reports that companies that have enabled multi-step authentication have reported 67% fewer account intrusions. Therefore, if you want to protect your services against hacking, do not reuse the same password across services and enable multi-step authentication. Many services offer two-step verification called 2FA, which is hard to get past.