In a Reddit thread posted early this morning, Windows admins reported receiving multiple alerts from Entra indicating that some of their user accounts had been found with credentials leaked on the dark web or other locations. Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID's "leaked credentials" detection app called MACE. MACE Credential Revocation app is a Microsoft Entra feature used to detect leaked credentials and lockout potentially compromised accounts. These alerts and lockouts began last night, with some admins believing they were false positives as the accounts have unique passwords that are not used on any other sites or applications. Microsoft Entra ID, formerly Azure Active Directory, is a cloud-based identity and access management service that helps organizations manage user identities and secure access to resources. While all alerts of leaked credentials should be investigated to confirm that an account was not compromised, if you received a flurry of alerts at once this rollout likely caused it.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sat, 19 Apr 2025 22:05:12 +0000