Microsoft Security Intelligence Report

Welcome to the interactive Microsoft Security Intelligence Report. We created this site as a complement to our annual report to enable you to dig into the data in more detail.

Some key highlighted takeaways may differ from the written report as we add new data monthly. Come back and visit often to check in on the latest security trends.

For a deeper assessment and recommendations on how to protect against threats, download the Microsoft Security Intelligence Report at www.microsoft.com/sir.

Identity-based threats

Risks of password reuse and modification

Reusing passwords across multiple account-based services is common. According to a 2018 study of nearly 30 million users and their passwords, password reuse and modifications were common for 52% of users. The same study also found that 30% of the modified passwords and all the reused passwords can be cracked within just 10 guesses. This behavior puts users at risk of being victims of a breach replay attack. Once a threat actor gets hold of spilled credentials or credentials in the wild, they can try to execute a breach replay attack. In this attack, the actor tries out the same credentials on different service accounts to see if there is a match.

The Microsoft identity threat research team checks billions of credentials obtained from different breaches (from multiple sources, including law enforcement and public databases) to look for compromised credentials in the Microsoft systems.

So far in 2019*, the threat research team has checked over 3 billion credentials and found a match for over 44 million Azure AD and Microsoft Services Accounts. When we find a match for leaked credentials, we force a password reset. No additional action is required on the consumer side. On the enterprise side, Microsoft will elevate the user risk and alert the administrator so that a credential reset can be enforced.

Given the frequency of passwords being reused by multiple individuals, it is critical to back your password with some form of strong credential. Multi-Factor Authentication (MFA) is an important security mechanism that can dramatically improve your security posture. Our numbers show that 99.9% of identity attacks have been thwarted by turning on MFA. You can learn about Microsoft Azure MFA here. Microsoft also offers solutions to protect customers from breach replay attacks. This includes capabilities to flag users as high risk and inform the administrator to enforce a password reset.


This web page is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED.