- Small Business Trends - https://smallbiztrends.com -

Microsoft Hack Attack: A Wake Up Call Not to Reuse Passwords

Microsoft campus [1]Late last week, Microsoft announced it had been a victim of the same kind of hacking attacks [2] reported recently by Apple and Facebook, and earlier this month by Twitter.

No Customer Data Compromised

In a public statement on Friday on its Security Response Center blog, Microsoft insisted the scope of the attack was fairly limited [3].

Matt Thomlinson, General Manager of Trustworthy Computing Security, wrote:

“During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing.”

While Microsoft, Apple and Facebook insist no customer data was accessed [4] during recent attacks, Twitter cannot make that claim [5]. And last year, social networking giant LinkedIn experienced a highly publicized hacking in which millions of user passwords were potentially leaked [6].

A Wake Up Call

We’ve reported recently about the potential security dangers small businesses face [7] online. One of the greatest of these may be the compromise of company data when passwords held by third parties are accessed.

For small business owners and staff who may have literally dozens of accounts ranging from social media to cloud apps, to PayPal to bank accounts, examples like these breaches should be a wake-up call. Why? Because of the dangers of something far too many users do: reuse of the same password across multiple accounts.

As Tom Espiner explained [8] on ZDNet last July after a similar hack of Yahoo exposed the details of about 400,000 users, the real danger is how many other business accounts the hackers may have access to.

According to Espiner, 20 percent or one in five accounts compromised in the Yahoo breach matched the users’ Microsoft accounts — all thanks to password reuse.   So in other words, when one account’s login information is revealed, it is as if the cyber attacker suddenly has a key to get inside other accounts.

If your business maintains multiple sensitive accounts, be sure they do not use the same passwords and other login  information.   Also, change passwords regularly.

Intruders gaining entrance to one account could gain entrance to your financial accounts and cloud apps containing your customer data. That’s a more dire consequence for your business than a single social media account being hacked.