Tuesday, July 17, 2012

One in five Microsoft logins are in the hands of hackers

Microsoft said that about 20 percent of Microsoft Account logins are found on lists of compromised credentials after the recent hack attacks on other service providers like LinkedIn and Yahoo.

People use the same passwords and login details across many internet services from different providers, Microsoft Account group manager Eric Doerr noted in a blog post on Sunday. That means that if one set of logins is compromised, all other accounts are at risk.

"These attacks shine a spotlight on the core issue — people reuse passwords between different websites. On average, we see successful password matches of around 20 percent of matching usernames," said Doerr.

Despite all that, Microsoft is working to keep Hotmail and its associated services as secure as possible. It works to educate users and make sure that they use good security practices, but when that fails, it has other measures:
...we look to see if there is evidence of criminal activity, like sending spam. If we do see signs of criminal activity, we suspend the account and ask the rightful owner to go through account recovery to regain control.
 
Occasionally we get information about a set of customers, but there isn’t enough account information to identify who has reused passwords and is therefore at risk. Then we have a judgment call – do we ask 100% of those customers to reset their passwords, even though only 20% are probably at risk? Or do we leave the 20% at risk to avoid inconveniencing the 80%? Where there is a credible threat, the answer is simple – we err on the side of protecting customers...
 
This is done in an automated and secure way so no human actually sees the account info of our customers.

1 comment:

  1. That's what happens when you use the same logins in all your sites
