Microsoft Hack Attack: A Wake Up Call Not to Reuse Passwords

Late last week, Microsoft announced it had been a victim of the same kind of hacking attacks reported recently by Apple and Facebook, and earlier this month by Twitter.

No Customer Data Compromised

In a public statement on Friday on its Security Response Center blog, Microsoft insisted the scope of the attack was fairly limited.

Matt Thomlinson, General Manager of Trustworthy Computing Security, wrote:

“During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing.”

While Microsoft, Apple and Facebook insist no customer data was accessed during recent attacks, Twitter cannot make that claim. And last year, social networking giant LinkedIn experienced a highly publicized hacking in which millions of user passwords were potentially leaked.

A Wake Up Call

We’ve reported recently about the potential security dangers small businesses face online. One of the greatest of these may be the compromise of company data when passwords held by third parties are accessed.

For small business owners and staff who may have literally dozens of accounts ranging from social media to cloud apps, to PayPal to bank accounts, examples like these breaches should be a wake-up call. Why? Because of the dangers of something far too many users do: reuse of the same password across multiple accounts.

As Tom Espiner explained on ZDNet last July after a similar hack of Yahoo exposed the details of about 400,000 users, the real danger is how many other business accounts the hackers may have access to.

According to Espiner, 20 percent or one in five accounts compromised in the Yahoo breach matched the users’ Microsoft accounts — all thanks to password reuse. So in other words, when one account’s login information is revealed, it is as if the cyber attacker suddenly has a key to get inside other accounts.

If your business maintains multiple sensitive accounts, be sure they do not use the same passwords and other login information. Also, change passwords regularly.

Intruders gaining entrance to one account could gain entrance to your financial accounts and cloud apps containing your customer data. That’s a more dire consequence for your business than a single social media account being hacked.


Shawn Hessinger is the Executive Editor for Small Business Trends and a professional journalist with more than 20 years of experience in traditional and digital media for trade publications and news sites. He is a member of the Society of Professional Journalists and has served as a beat reporter, columnist, editorial writer, bureau chief and managing editor for the Berks Mont Newspapers.

4 Reactions
  1. Mark @ ThinkTraffic

    Scary stuff Shawn.

    It is easy to think that big companies like this are super-secure, but I guess this reminds us that they are not.

    Generally the damage from this sort of attack should be limited; it’s if you have the same password for all of your various accounts that you need to be worried.

  2. That is the reality of the modern world: any website, even a large corporate one, can be hacked. I keep a spreadsheet with passwords, a different one for each website, and unless someone hacks into my laptop (a worthless target for an experienced hacker) my accounts should be OK.