Report: 20% of Microsoft login data compromised?

As much as 20 percent of Microsoft Account login data may have been compromised, after it was found on lists of leaked credentials in the wake of recent hack attacks. Worse, security vendor BitDefender said an analysis of the compromised data showed many users still use the same ID and password for more than one online account. “This highlights the longstanding security advice to use unique passwords, as criminals have become increasingly sophisticated about taking a list of usernames and passwords from one service and then `replaying‘ that list against other major account systems,” it quoted Microsoft Account Group Program Manager Eric Doerr as saying in a July 15 blog post. Doerr lamented that when they find matching passwords, "they are able to spread their abuse beyond the original account system they attacked.” “You’d be surprised how often the lists – especially the publicly posted ones – are complete garbage with zero matches. But sometimes there are hits – on average, we see successful password matches of around 20 percent of matching usernames.” he added. In effect, BitDefender said a data leak where login data can get into the wrong hands will mean all other accounts with the same password can be compromised. BitDefender reminded computer users to realize the implications of using the same password for more than one account. It said this is especially in the wake of recent data leaks that hit LinkedIn, Last.fm and Skype and Yahoo. In Microsoft's case, BitDefender noted the software giant automatically scans its lists to see which customers may have compromised accounts so it can notify them. BitDefender reminded computer users a bank or a service provider of any kind would never send customers an e-mail asking for passwords, usernames, account information or telephone number. Also, it stressed the need to create strong unique passwords for every account online. "They then need to be very attentive with the data they publicly share. And of course, people ought to use at all times a security suite to take care of the aspects they can’t handle personally," it said. — LBG, GMA News