In a blog post this week, the US tech giant said it had detected a slight increase in the use of “password spray” attacks over the past 12 months, according to The Sun.
According to the report, it involves hackers who collect a list of usernames and passwords leaked online and connect them to various websites.
Cyber scammers hope to end up with a working group that will give them access to someone’s email or social media accounts.
They can try to break into more sensitive accounts like your bank or iCloud.
The attacks were identified by Microsoft’s Discovery and Response Team (DART), which is dedicated to identifying the latest cyber-attack tactics.
“This threat is a moving target as technologies and tools are constantly changing,” the researchers wrote.
“It differs from brute force attacks, in which attackers are involved … trying to attack a small number of user accounts.”
Researchers have identified two commonly used types of passwords.
One involves matching known usernames with commonly used passwords, such as ‘password’ or ‘123456’.
The hope is that they will eventually “guess” the correct combination for as many users as possible.
The second technology highlighted by Microsoft includes usernames and passwords that have been leaked online by fraudsters in the past.
The 2012 LinkedIn hack, for example, saw the usernames and passwords of 6.5 million users stolen by cyber crooks and sold online.
Google estimates that more than 4 billion combinations of usernames and passwords have been leaked in recent years.
Hackers can connect these groups to other websites in hopes of reusing them across multiple online accounts.
Microsoft said: “Once attackers have the account credentials, they can gain access to any sensitive resources that users have access to and cause the malicious activity to appear normally.
“This creates a recurring attack pattern, where a single compromised account can gain access to resources where additional credentials can be harvested, thus gaining access to more resources.”
Free Password Checkup can be downloaded to Google Chrome and lets you know if your account details have been compromised in a cyber attack or data breach.
Once installed, the Chrome extension runs in the background of your browser and checks any login details you used.
The pop-up alert on your screen says: “Password check detected that the password for [موقع الويب] It is no longer secure due to a data breach. You must change your password now.”
In the event of a new data breach, the tool will allow you to hack any of your passwords the next time you sign in to Chrome.
It gives you any exposed accounts in a small menu that you can click to change your passwords.
“We have created Password Checkup so that no one, including Google, can see your account details,” Google said.
“Password Checkup was built with privacy in mind. It never reports any personally identifiable information about your accounts, passwords, or device.”
Alternatively, the popular web tool Have I Been Pwned allows you to check if you have been hacked before.
These were the details of the news How do you protect your password after Microsoft warned that billions... for this day. We hope that we have succeeded by giving you the full details and information. To follow all our news, you can subscribe to the alerts system or to one of our different systems to provide you with all that is new.
It is also worth noting that the original news has been published and is available at eg24.news and the editorial team at AlKhaleej Today has confirmed it and it has been modified, and it may have been completely transferred or quoted from it and you can read and follow this news from its main source.
