How come we see far less of "my Xbox Live account got hacked - can't get access to my games"?
The point is, this whole attitude of placing the blame squarely on the user is ridiculous.
Because Microsoft were quicker to respond to the problem of credential stuffing attacks than most other online services.
See this thread for details: http://www.neogaf.com/forum/showthread.php?t=1324360
Microsoft attempt to get ahead of cyber criminals and defuse the latest password dumps before the information can be monetized. Their security team created an automated system to sort through third-party data. The program looks for matching account emails in their system and, when discovered, it sends password resets to each user, forcing them to pick a new password distinct from the last. They explain this process on their blog:
As a lot of you know, a number of articles were published last week about a Russian hacker offering 272.3 million stolen usernames and passwords... When we discover a new list of usernames and passwords, we run them through an automated system that checks to see if any of the credentials match those in our MSA or Azure AD systems... For this particular list, 9.62% of the usernames matched an account in our systems [and] 1.03% had a matching password... Once we've identified the subset of accounts that are vulnerable, our automated mitigations kick in to protect them.
It's not perfect because it's impossible to keep up with the staggering number of breaches and Xbox Live accounts still get hacked -- just at a less frequent rate. Sony have also increased the rate at which they force password resets, but it's not clear if this is entirely random or in response to specific threats.
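Added example, not part of the original post and not Microsoft's code: a minimal sketch of the triage the quoted blog describes, checking a leaked list for matching usernames, then matching passwords, and forcing a reset to a different password. The salted PBKDF2 storage, the function names and the sample accounts and dump are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumption: kept low so the demo runs fast, not a recommendation

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_account(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "force_reset": False}

def triage_dump(dump, accounts):
    """Return (usernames we know, accounts whose leaked password still works)."""
    known, exposed = set(), set()
    for email, leaked_password in dump:
        key = email.strip().casefold()  # dumps vary in case and whitespace
        account = accounts.get(key)
        if account is None:
            continue  # username is not in our system
        known.add(key)
        candidate = hash_password(leaked_password, account["salt"])
        if hmac.compare_digest(candidate, account["hash"]):
            exposed.add(key)
            account["force_reset"] = True  # require a password change at next sign-in
    return known, exposed

def set_new_password(account: dict, new_password: str) -> bool:
    """Complete a forced reset; refuse a password identical to the exposed one."""
    if hmac.compare_digest(hash_password(new_password, account["salt"]), account["hash"]):
        return False
    account["salt"] = os.urandom(16)
    account["hash"] = hash_password(new_password, account["salt"])
    account["force_reset"] = False
    return True

# Constructed sample data: three local accounts and a three-entry "dump".
ACCOUNTS = {
    "alice@example.com": make_account("hunter2-reused"),
    "bob@example.com": make_account("unique-to-this-site"),
    "dave@example.com": make_account("another-one"),
}
DUMP = [
    ("Alice@Example.com ", "hunter2-reused"),       # username and password match
    ("bob@example.com", "password-from-elsewhere"),  # username matches only
    ("carol@example.net", "irrelevant"),             # no account here
]
```

Only the account whose leaked password still verifies is flagged; a username-only match is counted but left alone, which mirrors the two percentages quoted from the blog.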