Skip to Content
© Piotr Swat | Dreamstime.com
Security & privacy

Windows warning: Threat leaves 44 million users at risk

Data leaks can be devastating. People can get their accounts hacked and leaked information can be accessed by millions of people — many with bad intentions.

Security experts are warning users to avoid recycling passwords across different platforms. If you use the same one on each account you sign up for, it can result in a domino effect. Tap or click to learn more about a massive database of texts and passwords that was discovered online.

And now, after several large data leaks, Microsoft is taking action to protect its userbase from hackers. If you recycle passwords, here’s why you might be at risk.

Microsoft to data breaches: ‘Enough is enough!’

According to Microsoft’s website, the company is alerting its users about a string of wide-scale data leaks that may have impacted their Microsoft Service Accounts.

Microsoft scanned more than 3 billion leaked credentials for email addresses and usernames that match accounts it has on file. The company hopes that by alerting users whose info matches the leaked credentials, users can potentially foil identity theft before it occurs.

To be clear, Microsoft hasn’t detected account breaches on its own. Instead, it combed through data from multiple data breaches to find information that matches existing user accounts.

Microsoft Service Accounts are used to update Windows software and reset computer passwords, so keeping them safe is a huge priority.

There’s no way for Microsoft to know for sure whether password recycling has occurred on these accounts, but from an abundance of caution, it’s forcing users whose information matches the leaked data to reset their passwords. Tap or click here to learn how to create stronger passwords.

This is one of the biggest instances of a company attempting to preempt a hacking spree. If Microsoft users change their passwords quickly, it can prevent their other accounts that use the same password from being hacked.

Am I on the list? Is my Microsoft Service Account in danger?

If you were a clear match to any of the leaked usernames Microsoft scanned, you should have received an email advising you to reset your password. This email would have come from Microsoft and would have directed you to Microsoft.com to perform an identity verification and password reset.

If you didn’t receive the email and you’re sure you didn’t accidentally miss it, you’re probably okay. You’ll know you’re safe if you regularly get emails from Microsoft that don’t go directly to spam and if you received no updates on the matter.

If you think the email might have gotten lost or if you just want to be safe, you can reset your password via Microsoft’s website.

To get started, visit Microsoft’s account recovery page and fill in the information it asks for, like your email address and an alternate email address for the account reset. Enter the Captcha to verify you’re not a robot and follow the instructions that appear.

After this, you should receive a verification code at the email address you provided. Type the code into the designated field to continue.

You may also be required to fill in a recovery form, depending on the information you provide, which will go a little deeper to help validate your identity. For more information on this form, as well as more detailed instructions on the verification process, tap or click here to visit Microsoft’s help page.

As part of the company’s security initiative, Microsoft is also recommending all users switch to two-factor authentication for online accounts when possible. For information on how to set up two-factor authentication on some of the most popular websites, tap or click here.

Stop robocalls for good with Kim’s eBook

Robocalls interrupt us constantly and scam Americans out of millions of dollars every year. Learn Kim's best tricks for stopping annoying robocalls in this handy guide.

Get the eBook