More than 44 million users of Microsoft’s services are using passwords that have been stolen through data leaks, according to new research by the tech giant.
Between January and March 2019, Microsoft’s study analysed three billion sets of user data and compared them with the passwords of the Microsoft and AzureAD cloud services. In more than 44 million cases, the data was found to be similar, which would allow malicious third parties to access the data stored in the cloud.
According to Microsoft, attackers use the captured data to force logins on certain services. They try the obtained usernames and passwords on several platforms to see whether someone is using the same credentials for several services. This is a relatively easy way for hackers to get access to multiple services.
To make sure that the more than 44 million affected users take action, Microsoft has taken matters into its own hands. All passwords have been reset, so a change of password is necessary to regain access to the services.
The obvious solution
The study concludes by calling for the use of systems with multiple stages of authentication, to prevent the data from one service from being used on another.
According to Microsoft, using Multi-Factor Authentication (MFA) would prevent 99.9 percent of attacks, as an additional barrier is placed between having the data and actually being able to log in.