After reviewing all of the company's user accounts completed between January and March of this year, the Microsoft threat research team found that 44 million users reuse user names and passwords leaked online after security breaches at other online services.  The software giant said it had scanned user accounts using a database of more than three billion leaked credentials from various sources, including law enforcement agencies and public databases.
By performing the scan, Microsoft was able to identify users who were re-using the same usernames and passwords for multiple online services. The company explained what it did after it was determined that users had reused user names and passwords:
"For the leaked credentials for which we found a match, we force a password reset. On the consumer side, there are no additional ones Action required On the corporate side, Microsoft increases the user risk and notifies the administrator so that credential reset can be enforced. "
Microsoft and other technicians typically warn users against using weak or simple passwords Unfortunately, these alerts do not apply when a user reuses credentials from another service.
While Microsoft checks if users are using complex passwords, the company can not determine if a user has reused this password for other services.
When a third-party service experiences a security breach that causes user credentials to be lost online, it also endangers a user's Microsoft account. If you have used a secure password.
To prevent hackers and other malicious actors from taking over your accounts after a data breach, it is strongly recommended that you use a unique password for every online service you use. [1