Billions of Passwords Have Been hacked, Microsoft Says

Billions of Passwords Have Been hacked, Microsoft Says

An alert from Microsoft’s Detection and Response Team (DART) is a warning to everyone about an increase in password spray attacks over the last 12 months.

Password spraying is a form of brute force attack. where an attacker will use one password, for example, “mypassword1234” against millions of accounts to avoid account lockouts that would normally occur when attacking a single account with many passwords.

In its blog post, Microsoft discusses the anatomy of a password spray attack.

The anatomy of a password spray attack

To understand how to protect against, and investigate a password spray attack, it is important to understand what it is. Password spray attacks are authentication attacks that employ a large list of usernames and pair them with common passwords in an attempt to “guess” the correct combination for as many users as possible. These are different from brute-force attacks, which involve attackers using a custom dictionary or wordlist and attempting to attack a small number of user accounts.

You’re extremely vulnerable to this type of attack especially if you use the same password on multiple accounts. It’s especially important that you use different complex passwords containing upper and lowercase letters, numbers, and symbols on all your important accounts. We have some suggestions to help you make easier-to-remember, complex passwords here.

And keeping informed is another key step you can take to stay safe online. Please take a few minutes to read this Microsoft Blog Post.