Random thoughts on the use of breach data for protection of accounts
Someone sent me an email today which essentially boiled down to this: > Hey, Microsoft's Azure Active Directory alerted me to leaked credentials but won't give me any details so there's very little I can do about it This is a really interesting scenario and it relates to the way Microsoft reports risk events [https://docs.microsoft.com/en-us/azure/active-directory/active-directory-reporting-risk-events#leaked-credentials] , one of which is the discovery of leaked credentials that match those...