Leaked Credentials

Learn how Microsoft Security Helps Mitigate Threats from Leaked Credentials

What are leaked credentials?


A leaked credentials risk detection type indicates that the user’s current credentials have been leaked. These credentials remain valid and can be used to sign in to an organization’s environment and gain access to customer or critical operational data. There are ways to prevent or mitigate the effect of leaked credentials, including changing passwords periodically, because once a user changes their password, the stolen identity becomes invalid.

But the danger of leaked credentials is that, most often, organizations may not be aware of stolen identities until critical data has been compromised. When cybercriminals compromise valid passwords of legitimate users, they post them publicly on the dark web or paste sites, or trade the credentials on the black market.

Microsoft monitors these public and dark web sources using a set of AI and advanced technologies, running comparative analysis to see if a credential has been compromised. Microsoft works with the following:

  • Researchers
  • Law enforcement
  • Security teams at Microsoft
  • Other trusted sources

When the service acquires username and password pairs, they are checked against Microsoft Azure Active Directory (AAD) users’ current valid credentials. When a match is found, it means that a user’s password has been compromised and a leaked credentials risk detection is created.
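The matching step described above can be sketched as follows. This is an added illustration, not Microsoft's implementation or code from the original page: the PBKDF2 storage scheme, the function names and the sample accounts are all assumptions constructed for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor for this sketch


def hash_password(password, salt):
    """Salted PBKDF2-SHA256 hash, standing in for the directory's stored form."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_directory(accounts):
    """Map username -> (salt, hash of the user's CURRENT password)."""
    directory = {}
    for username, password in accounts.items():
        salt = os.urandom(16)
        directory[username.lower()] = (salt, hash_password(password, salt))
    return directory


def detect_leaked_credentials(directory, leaked_pairs):
    """Return users whose leaked password equals their current valid password."""
    at_risk = set()
    for username, leaked_password in leaked_pairs:
        key = username.strip().lower()
        record = directory.get(key)
        if record is None:
            continue  # pair belongs to someone outside this directory
        salt, current_hash = record
        # Re-hash the leaked password with the user's salt; compare in constant time.
        if hmac.compare_digest(hash_password(leaked_password, salt), current_hash):
            at_risk.add(key)
    return sorted(at_risk)


# Constructed sample data: current passwords held by the directory.
DIRECTORY = make_directory({
    "alice@example.com": "Winter2021!",
    "bob@example.com": "n3w-passphrase-after-reset",
    "carol@example.com": "correct horse battery staple",
})

# Constructed "acquired" pairs, as they might appear in a public dump.
LEAKED_PAIRS = [
    ("Alice@Example.com ", "Winter2021!"),     # still valid -> detection
    ("bob@example.com", "OldPassword1"),       # changed since the leak -> none
    ("dave@other.example", "hunter2"),         # not a directory user -> skipped
    ("carol@example.com", "correct horse battery staple"),
]

if __name__ == "__main__":
    print(detect_leaked_credentials(DIRECTORY, LEAKED_PAIRS))
```

Only pairs that match a user's current password produce a detection, which is why a password change made after the leak clears the risk for that account.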

How can you detect and mitigate threats from leaked credentials using Microsoft Security?

Using Microsoft Identity Protection and Microsoft Cloud App Security, organizations can create threat protection policies and quickly investigate leaked credentials in order to invalidate stolen credentials. Microsoft Cloud App Security and Azure AD Threat Protection offer organizations many options to prevent or mitigate the cyber-threat from leaked credentials. Organizations can choose which of the following methods works best for them.

  • Azure AD Multi-Factor Authentication

    Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan. If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, is it really the user signing in with the username and password, or is it an attacker? When you require a second form of authentication, security is increased as this additional factor isn’t something that’s easy for an attacker to obtain or duplicate.

    According to Microsoft, Azure AD Multi-Factor Authentication helps safeguard access to data and applications while maintaining simplicity for users. It provides additional security by requiring a second form of authentication and delivers strong authentication via a range of easy-to-use authentication methods. Users may or may not be challenged for MFA based on configuration decisions that an administrator makes.

    Your applications or services don’t need to make any changes to use Azure AD Multi-Factor Authentication. The verification prompts are part of the Azure AD sign-in event, which automatically requests and processes the MFA challenge when required.

  • Azure AD Conditional Access

    Conditional Access enables organizations to configure and fine-tune access policies with contextual factors, such as user, device, location and real-time risk information, to control what a specific user can access and how and when they have access. This means you grant access to specific users, at a specified time or location. You have better control of who accesses what and when, giving you the security you need to protect against leaked credentials and other cybersecurity threats.

  • Azure AD Self-Service Password Reset

    Azure Active Directory (Azure AD) self-service password reset (SSPR) gives users the ability to change or reset their password with no administrator or help desk involvement. If a user’s account is locked or they forget their password, they can follow prompts to unblock themselves and get back to work. This ability reduces help desk calls and loss of productivity when a user can’t sign in to their device or an application. More importantly, it gives your users the ability to quickly change their password if their credentials become compromised.

  • Azure AD Password Protection

    Reduce weak passwords and mitigate against password spray and/or brute-force attacks by implementing Azure AD password protection.

  • Modernize Password Policy

    Improve password quality by implementing the latest password policy recommendations. According to Microsoft, they see over 10 million username and password pair attacks every day. Learn to protect your organization from leaked credentials by enforcing strong password policies in your organization. Follow the guidelines provided by Microsoft in the following article.


How we can help you mitigate threats from leaked credentials

We work with organizations to strengthen their security posture and protect their organization against cybersecurity threats, including leaked credentials, malware detection and more with threat protection tools from Microsoft productivity applications and cloud services. We also provide one-time security assessments to assess your organization’s vulnerabilities based on data from your infrastructure. Visit our CSAT page to learn more.

For immediate assistance, email us at security@danquahgroup.com