"Compromised Passwords Used on 44 Million Microsoft Accounts"

In a news study, Microsoft has found that 44 million Microsoft Azure AD and Microsoft Services accounts are vulnerable to account hijacking due to users using compromised passwords. Microsoft forced users to change their passwords if they found that the user's password matched the ones that were compromised.  Microsoft suggests that users set up Multi-factor authentication to help prevent account hijackings.  NIST suggests companies should verify that passwords are not compromised before they are activated.  Passwords should also be checked frequently against a dynamic database comprised of known compromised credentials.

Help Net Security reports: "Compromised Passwords Used on 44 Million Microsoft Accounts"