HomeWinBuzzer News1.2 Million Microsoft Accounts Are Compromised Each Month Says RSA Security

1.2 Million Microsoft Accounts Are Compromised Each Month Says RSA Security

According to a presentation at the RSA Security Conference, 1.2 million Microsoft accounts were compromised in January due to no MFA use.

-

0.5 percent of all accounts are taken by cybercriminals each month, according to new research. These bad actors can hijack 0.5% because of a lack of multi-factor authentication (MFA) amongst Microsoft account users.

While 0.5% may seem insignificant, it amounts to over one million Microsoft accounts taken by cybercriminals.

At the recent RSA Security Conference, director of Identity Security Alex Weinert said there were 1.2 million hijacked accounts in January. His presentation at the conference has been uploaded to YouTube and shows 99.9% of compromised accounts did not have MFA.

In other words, if an account uses MFA, it will likely be protected from being compromised. For those accounts without MFA, there are two defining factors that make them easy to attack: holders of these accounts don't usually update their password and use legacy protocols.

A legacy protocols such as SMTP, IMAP, or POP don't offer MFA tools and make the password the only step a bad actor needs to bypass.

Easy Access

Weinert points out that 40% (480,000 accounts) were simply compromised by a standard password spraying method during January. Attackers would try to sign in across a vast number of accounts with some statistically likely passwords. Nearly half a million got a hit.

Password reuse is a major problem and a major indicator of a compromised account. Interestingly, users who reuse passwords will even use credentials from enterprise accounts on other services. These people will also use the same password across multiple platforms.

Weinert points out the mitigation is simple, stop reusing passwords and ditch legacy protocols. Getting the message across and convincing users to act is the tricky part.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News