Microsoft

In June 2022 a massive collection of user credentials allegedly belonging to Microsoft users was circulated on underground forums. The dataset contained approximately 54 million records consisting of email addresses and cleartext or hashed passwords. Investigation suggests this was not a direct breach of Microsoft infrastructure but rather an aggregated combolist compiled from numerous previous data leaks and credential stuffing attacks targeting various services. This type of incident poses a significant risk for account takeover if users reuse passwords across different platforms.