
Microsoft hack puts billions of passwords at risk

Microsoft has warned customers to check their passwords after billions of accounts were hacked and put at risk.

Microsoft wrote on its blog that its Detection and Response Team (DART) had observed a significant increase in “password spray” attacks in the past 12 months.

What are password spray attacks?

Microsoft has a comprehensive guide to password spray attacks available here.

In simple terms, password spraying is the practice of using leaked usernames and email addresses and trying to access websites by inputting them alongside common passwords. When cybercriminals find a combination that works, they then try that combination on other websites. Where people use the same username or email address and password combination on multiple websites, hackers can seize control of these accounts and potentially access a wealth of private information.
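From the defender's side, the pattern described above shows up in sign-in logs as one source failing against many accounts with only a try or two each. The following is an added example, not code from Microsoft or from this article; the log format, thresholds, addresses and account names are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (not real data): time, source IP, account, result.
SAMPLE_LOG = """\
2024-01-10T09:00:05 203.0.113.7 alice@example.com FAIL
2024-01-10T09:00:41 203.0.113.7 bob@example.com FAIL
2024-01-10T09:01:12 203.0.113.7 carol@example.com FAIL
2024-01-10T09:01:50 203.0.113.7 dave@example.com OK
2024-01-10T09:02:27 203.0.113.7 erin@example.com FAIL
2024-01-10T09:03:03 203.0.113.7 frank@example.com FAIL
2024-01-10T09:03:40 203.0.113.7 grace@example.com FAIL
2024-01-10T09:10:00 198.51.100.20 heidi@example.com FAIL
2024-01-10T09:10:20 198.51.100.20 heidi@example.com FAIL
2024-01-10T09:11:10 198.51.100.20 heidi@example.com OK
"""

def parse(log):
    for line in log.splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_spray(log, window=timedelta(minutes=30), min_accounts=5, max_tries=2):
    """Return {ip: {"targeted": [...], "succeeded": [...]}} for spray-like sources."""
    by_ip = defaultdict(list)
    for event in parse(log):
        by_ip[event[1]].append(event)
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            fails = Counter(u for _, _, u, ok in in_window if not ok)
            # Spray shape: many accounts, each tried only a few times.
            if len(fails) >= min_accounts and max(fails.values()) <= max_tries:
                best = findings.get(ip)
                if best is None or len(fails) > len(best["targeted"]):
                    findings[ip] = {
                        "targeted": sorted(fails),
                        "succeeded": sorted({u for _, _, u, ok in in_window if ok}),
                    }
    return findings

if __name__ == "__main__":
    for ip, hit in detect_spray(SAMPLE_LOG).items():
        print(ip, "targeted", len(hit["targeted"]), "accounts; review:", hit["succeeded"])
```

An account listed under `succeeded` signed in from a flagged source during the spray, so it is the one to prioritise for a password reset; the single user who mistyped a password several times is not flagged.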

How do I know if my Microsoft account has been hacked?

Depending on the web browser you use, if you save your password to your browser or account, you’ll be able to check the status of your password.

If you’re a Google Chrome user, you can open the Settings, click Privacy and Security, and run a Safety Check. You’ll then get a status update on your passwords, including whether you have weak passwords or passwords that have been exposed in a data breach.

What should I do if I’ve been hacked?

Work your way through the following process if your investigation reveals you’ve been hacked:

  • Log in to your account and change your password.
  • Set up two-factor authentication (2FA) or multi-factor authentication (MFA) on your account. Aim to use an authenticator app rather than SMS for 2FA or MFA, as an authenticator app is more secure.
  • Change passwords for any other websites or online accounts for which you used the same password as your Microsoft account.

How to stay safe and secure online

The process listed above is a great place to start!

Keep the following rules in mind:

  • Never use the same password twice.
  • Use 2FA or MFA if it’s available.
  • Use in-browser password generator functions or a password generator app. Password managers like LastPass are great for creating and storing passwords.
  • If you create passwords manually, never base them on personal information or keyboard patterns.

If you don’t want to take our word for creating secure passwords, check out the chart on this page to discover the impact a longer password with multiple symbol types can have on your likelihood of being hacked.

