Microsoft has issued a warning to customers to check their passwords after billions of accounts were hacked and left vulnerable.
According to the US technology giant's blog, the company has seen a stark increase in "password spray" attacks in the last year.
These attacks were spotted by the Detection and Response Team, also known as DART, which was set up to identify and target the latest cyber hacking methods.
DART revealed on Tuesday that cyber attacks are a "moving target" with "techniques and tools always changing".
What is a password spray attack?
Microsoft defines "password spraying" as a kind of "brute force attack" where hackers essentially try a list of leaked usernames against common passwords by inserting them into different websites.
The hackers keep trying this until they uncover a combination that works and they gain access to all your emails and social media accounts.
This is where they can gain access to your sensitive banking and iCloud information.
Researchers at Microsoft have said that they are different from brute-force attacks that just use a custom dictionary or wordlist and that tend to target a smaller group of accounts.
They have identified two password spraying methods:
- Low and slow: Hackers will use several IP addresses so that they can attack multiple accounts at once with only a limited number of password guesses
- Availability and reuse: Attackers use a tactic called “credential stuffing” to easily gain entry to your accounts on various platforms, because we so often use the same security measures across multiple sites
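The "low and slow" pattern stays under per-account lockout limits, so a defender has to look across accounts rather than at any single one. The following is an added example, not code from Microsoft or from this article: it classifies failed sign-ins per time window as a spray (many accounts, few guesses each, several IPs) or a targeted brute force (one account, many guesses). The log fields, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_events():
    """Constructed sign-in log: (timestamp, username, source_ip, success)."""
    base = datetime(2020, 1, 1, 9, 0)
    ips = ["203.0.113.10", "198.51.100.7", "192.0.2.44"]  # documentation ranges
    events = []
    # Spray pattern: 12 accounts, one failed guess each, rotated across 3 IPs.
    for i in range(12):
        events.append((base + timedelta(minutes=4 * i), f"user{i:02d}", ips[i % 3], False))
    # Targeted brute force: 15 failed guesses against one account from one IP.
    for i in range(15):
        events.append((base + timedelta(minutes=i), "alice", "203.0.113.99", False))
    # Ordinary typo followed by a successful sign-in, two hours later.
    events.append((base + timedelta(hours=2, minutes=5), "bob", "192.0.2.200", False))
    events.append((base + timedelta(hours=2, minutes=6), "bob", "192.0.2.200", True))
    return events

def analyse(events, window=timedelta(hours=1), max_per_account=3,
            min_accounts=10, lockout=10):
    """Group failed sign-ins into fixed windows and classify each window."""
    buckets = defaultdict(lambda: defaultdict(list))  # window -> user -> [ips]
    for ts, user, ip, ok in events:
        if not ok:
            buckets[(ts - datetime.min) // window][user].append(ip)
    findings = []
    for idx in sorted(buckets):
        users = buckets[idx]
        start = datetime.min + idx * window
        # Spray: many accounts, each kept below the per-account lockout limit.
        quiet = sorted(u for u, seen in users.items() if len(seen) <= max_per_account)
        if len(quiet) >= min_accounts:
            ips = {ip for u in quiet for ip in users[u]}
            findings.append({"kind": "password_spray", "window": start,
                             "accounts": quiet, "source_ips": len(ips)})
        # Classic brute force: a single account takes many guesses.
        for user, seen in sorted(users.items()):
            if len(seen) >= lockout:
                findings.append({"kind": "brute_force", "window": start,
                                 "accounts": [user], "failures": len(seen)})
    return findings

if __name__ == "__main__":
    for f in analyse(build_sample_events()):
        print(f["kind"], f["window"], len(f["accounts"]), "account(s)")
```

A per-IP or per-account counter alone would miss the first finding, since no single address or account crosses a threshold.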
Has my Microsoft account been hacked?
Microsoft has warned its customers that billions of accounts could have been affected in the recent round of password spray attacks.
The tech company has recommended that its customers should check whether or not they have been affected.
How can I check my passwords are safe?
You can download the free Password Checkup software on Google Chrome.
The extension software will check and let you know if your account has been compromised via either a cyber attack or data breach.
It will run in the background of your browser and will match your usernames and passwords against a Google database of more than 4 billion compromised credentials.
The software will then send you an alert that will read: "Password Checkup detected that your password for [website] is no longer safe due to a data breach.
"You should change your password now."
Google has said that it has no way of seeing your data here since all of your information is encrypted.
Google has said that it was "built with privacy in mind" and that it never reports any identifying information from your accounts or devices.
What do I do if I have been hacked?
If your account is one of the unlucky ones that have been subject to a data breach, you will have received an alert from Google through the extension you've downloaded.
You will be alerted that your password has been compromised the next time you log in to your account.
Google will give you a small list of your exposed accounts.
You can go through this list to change your passwords.
How to make your password safe
If you want to get one up on the hackers next time, here are some ways that you can make your passwords more secure:
- Choose different passwords for different accounts
- Use a secure password generator like passwordgenerator.net
- Make it at least 12 characters long, with a mix of lowercase and uppercase letters, numbers and special characters
- Don't base your passwords on personal information
- Don't use a memorable keyboard path or sequential pattern like qwerty