Microsoft has issued a warning to customers to check their passwords after billions of accounts were hacked and left vulnerable. 

According to the US technology giant's blog, the company has seen a stark increase in "password spray" attacks in the last year.

These attacks were spotted by Detection and Response Team, also known as DART, which was set up to identify and target the latest cyber hacking methods.

DART revealed on Tuesday that cyber attacks are a "moving target" with "techniques and tools always changing".

York Press: Two people sitting on Microsoft tablets. Credit: CanvaTwo people sitting on Microsoft tablets. Credit: Canva

What is a password spray attack?

Microsoft defines a "password spraying" as a kind of "brute force attack" where hackers essential gather a list of leaked usernames against common passwords by inserting them into different websites.

The hackers keep trying this until they uncover a combination that works and they gain access to all your emails and social media accounts. 

This is where they can gain access to your sensitive banking and iCloud information.

Researchers at Microsoft have said that they are different brute-force attacks that just use a custom dictionary or wordlist and that tend to target a smaller group of accounts. 

They have identified two password spraying methods:

  • Low and slow: Hackers will use several IP addresses so that they can attack multiple accounts at once with only a limited amount of password guesses
  • Availability and reuse: Attackers use a tactic called “credential stuffing,” to easily gain entry to your accounts on various platforms because we so often use the same security measures across multiple sites

Has my Microsoft account been hacked?

Microsoft has warned its customers that billions of accounts could have been affected in the recent round of password spray attacks. 

The tech company has recommended that its customers should check whether or not they have been affected.

How can I check my passwords are safe?

You can download the free Password Checkup software on Google Chrome.

The extension software will check and let you know if your account has been compromised via either a cyber attack or data breach.

It will run in the background of your browser and will match your username and passwords against a Google database of more than 4billion compromised credentials.

The software will then send you an alert that will read: "Password Checkup detected that your password for [website] is no longer safe due to a data breach.

"You should change your password now."

Google has said that it has no way of seeing your data here since all of your information is encrypted.

Google has said that it was "built with privacy in mind" and that it never reports any identifying information from your accounts or devices.

What do I do if I have been hacked?

If you are one of the unlucky accounts that have been subject to a data breach, you will have received an alert from Google due to the extension you've downloaded.

You will be alerted that your password has been compromised the next time you log in to your account.

Google will give you a list of your exposed accounts in a small list.

This is where you can go through to change your passwords.

How to make your password safe

If you want to get one up on the hackers next time, here are some ways that you can make your passwords more secure:

  • Choose different passwords for different accounts
  • Use a secure password generator like passwordgenerator.net
  • It should be at least 12 characters long with various characters including lowercase and uppercase letters, numbers and special characters
  • Don't base your passwords on personal information
  • Don't have a password that uses a memorable keyboard path like sequential patterns like qwerty