In a blog post this week, the US tech titan said it had identified an uptick in the use of "password spray" attacks over the past 12 months.

They involve hackers gathering a list of usernames and passwords leaked online and plugging them in to various websites.

Cyber crooks hope to eventually stumble across a working combination that gives them access to someone's email or social media accounts.

From there, they can attempt to break into more sensitive accounts such as your bank or iCloud.

The attacks were identified by Microsoft's Detection and Response Team (DART), which is dedicated to identifying the latest cyber attack methods.

"This threat is a moving target with techniques and tools always changing," researchers wrote on Tuesday.

"They are different from brute-force attacks, which involve attackers ... attempting to attack a small number of user accounts."