My MS account is getting attacked...
Discussion
To access my MS account (Windows/Outlook/Skype) I use a strong password then have options on a one time code via email/SMS or a Google Authenticator App code to login.
Looking at the MS login log it's clear my email address is doing the rounds and people across the world are trying to login. The fact that the logins seem to be unsuccessful suggests they do not have my password but they are requesting one time codes as I get the emails/SMS giving me the codes.
Anyway my question is, is the level of "hacker logins" below normal? Or higher / lower than normal etc??
I don't want to change my email address so guess I have to just suck this up? I'm thinking of disabling the email/sms one time code option so at least I don't get reminded of the hacking attempts every day!
Looking at the MS login log it's clear my email address is doing the rounds and people across the world are trying to login. The fact that the logins seem to be unsuccessful suggests they do not have my password but they are requesting one time codes as I get the emails/SMS giving me the codes.
Anyway my question is, is the level of "hacker logins" below normal? Or higher / lower than normal etc??
I don't want to change my email address so guess I have to just suck this up? I'm thinking of disabling the email/sms one time code option so at least I don't get reminded of the hacking attempts every day!
Are they one time codes for when you have forgotten your password or part of MFA.? Because you would only get the MFA code once the correct password has been entered.
If it is MFA you should swith to the authenticator app as its more secure than SMS. You'll still get the notific as fions but can turn them off as you'll know its not you.
I would definitely change your password as a precaution. Are you running AV as well? Just in case there are key loggers on your machine.
I've had the same email for years and never had anything like this with someone repeatedly trying to access it. I know my email and passwords have been leaked in the past but I use secure unique passwords and a manager now and rotate then.
Wonder why they think they might be able to access your account and what they hope to achieve.
If it is MFA you should swith to the authenticator app as its more secure than SMS. You'll still get the notific as fions but can turn them off as you'll know its not you.
I would definitely change your password as a precaution. Are you running AV as well? Just in case there are key loggers on your machine.
I've had the same email for years and never had anything like this with someone repeatedly trying to access it. I know my email and passwords have been leaked in the past but I use secure unique passwords and a manager now and rotate then.
Wonder why they think they might be able to access your account and what they hope to achieve.
Definitely change your password asap.
I checked the same login activity screen in my MS account and a wrong password is logged as "Incorrect password" rather than "Unsuccessful sign-in". This suggests they may have your password, but need the code to complete the sign-in process.
I did have a surprising amount of attempted logins from all over the world (all unsuccessful) and never get any codes appearing in my authenticator.
I checked the same login activity screen in my MS account and a wrong password is logged as "Incorrect password" rather than "Unsuccessful sign-in". This suggests they may have your password, but need the code to complete the sign-in process.
I did have a surprising amount of attempted logins from all over the world (all unsuccessful) and never get any codes appearing in my authenticator.
Thanks to both of you above.
I am shocked that they could have my password as it is very strong (phrase+numbers+special chars+ very long). Wonder how they got it? Anyway I will do a test by entering the pwd wrong, and then correctly and see if the "unsuccessful login" changes to "incorrect pwd" in the above MS log page. In any case I will change it to something even longer !
Thanks a lot both of you.
PS - I only use the built in Windows 11 AV. I used to use Norton but was advised by people on here that in fact the standard Windows AV does everything you want. I have had no issues with it.
PPS - As well as the authenticator I may well leave the email/SMS one time code in place as it's useful to indicate when hacking attempts are happening.
Thanks again
I am shocked that they could have my password as it is very strong (phrase+numbers+special chars+ very long). Wonder how they got it? Anyway I will do a test by entering the pwd wrong, and then correctly and see if the "unsuccessful login" changes to "incorrect pwd" in the above MS log page. In any case I will change it to something even longer !
Thanks a lot both of you.
PS - I only use the built in Windows 11 AV. I used to use Norton but was advised by people on here that in fact the standard Windows AV does everything you want. I have had no issues with it.
PPS - As well as the authenticator I may well leave the email/SMS one time code in place as it's useful to indicate when hacking attempts are happening.
Thanks again
I'd wager they don't have your password, but they're trying brute force attacks on your account.
Enter your email here - https://haveibeenpwned.com/ and see if your email has been compromised anywhere.
If you're using the Authenticator app, you're going to be protected.
Also turn on passwordless security here - https://account.live.com/proofs/manage/additional?...
Enter your email here - https://haveibeenpwned.com/ and see if your email has been compromised anywhere.
If you're using the Authenticator app, you're going to be protected.
Also turn on passwordless security here - https://account.live.com/proofs/manage/additional?...
Mammasaid said:
I'd wager they don't have your password, but they're trying brute force attacks on your account.
Enter your email here - https://haveibeenpwned.com/ and see if your email has been compromised anywhere.
If you're using the Authenticator app, you're going to be protected.
Also turn on passwordless security here - https://account.live.com/proofs/manage/additional?...
From haveibeenpawned yes 123rf.com got hacked and with it my personal details a few years back.Enter your email here - https://haveibeenpwned.com/ and see if your email has been compromised anywhere.
If you're using the Authenticator app, you're going to be protected.
Also turn on passwordless security here - https://account.live.com/proofs/manage/additional?...
I use a password (well usually face id although if that fails I use a pwd) to login to Windows etc. As I understand it if I login from somewhere else than usual then Microsoft will send the one time code via email/SMS or give an authenticator option. My current set up is like that below -
I'm trying to work out if there is a downside to going passwordless as you suggested. My authenticator app is on my phone and I feel losing my phone is my most likely scenario, which would then mean I couldn't my laptop, whereas using a pwd I can. So effectively if I lost my phone I would also lose my laptop access if I go passwordless. Do I have that right? Otherwise I like the idea!
Sheepshanks said:
I get loads of them on my personal Microsoft account - it uses a Gmail email address which I've had for a long time.
The attempts always say "Unsuccessful sign-in" as the headline but if I go into them it says "incorrect password entered". I've got 2FA set up.
Yep now I have checked it seems I too am getting "incorrect pwd" so it seems all they have is my email id. Maybe I need to just stop worrying?The attempts always say "Unsuccessful sign-in" as the headline but if I go into them it says "incorrect password entered". I've got 2FA set up.
Me three, so it appears. Lots of incorrect password attempts, although the account is set up with 2FA, so no password needed most of the time.
Only thing which worries me is having broken my phone abroad before, if all the 2FA/authenticator stuff is on a phone you lose, it's going to be damm near impossible to get back into any account!
Anyway, if anyone wants to find out anything about this IP address, feel free. You would have thought someone would give up after 6 or 7 attempts in the space of an hour.
Only thing which worries me is having broken my phone abroad before, if all the 2FA/authenticator stuff is on a phone you lose, it's going to be damm near impossible to get back into any account!
Anyway, if anyone wants to find out anything about this IP address, feel free. You would have thought someone would give up after 6 or 7 attempts in the space of an hour.
Mine's getting hammered too, several times per day (several times an hour in some cases):
(Note the successful sign-in at 23:38 was me!)
Someone somewhere is also trying to use Exchange ActiveSync to get in too! Strong unique password and 2FA via MS app so the account should stay secure.
(Note the successful sign-in at 23:38 was me!)
Someone somewhere is also trying to use Exchange ActiveSync to get in too! Strong unique password and 2FA via MS app so the account should stay secure.
Condi said:
Only thing which worries me is having broken my phone abroad before, if all the 2FA/authenticator stuff is on a phone you lose, it's going to be damm near impossible to get back into any account!
Both MS and Google Authenticators now backup to their respective accounts so you should just be able to log in on the new device and re-sync. I actually keep the phone I upgraded from as a ready-to-go backup device with everything already sync'd so if my current phone carks it or is nicked, it's hopefully as painless as it can be.Edited by Funk on Monday 11th September 13:56
Condi said:
Only thing which worries me is having broken my phone abroad before, if all the 2FA/authenticator stuff is on a phone you lose, it's going to be damm near impossible to get back into any account!
In advance, you can generate a recovery code which it suggests you write down or take a picture of. Just don't store it on your phone, I guess!Sheepshanks said:
Condi said:
Only thing which worries me is having broken my phone abroad before, if all the 2FA/authenticator stuff is on a phone you lose, it's going to be damm near impossible to get back into any account!
In advance, you can generate a recovery code which it suggests you write down or take a picture of. Just don't store it on your phone, I guess!I've had same issue with someone or a group located in the US (and changing location within the US it seems) trying to hack my MS email....as recent as yesterday but been going on for months it seems. I only became aware when I was seeing emails for the passcode hitting my other/back up email ad.
I've changed my password but still rather worrying that the attempts continue and under session activity it shows as 'Incorrect password entered' so clearly they are happy to keep trying.
I've changed my password but still rather worrying that the attempts continue and under session activity it shows as 'Incorrect password entered' so clearly they are happy to keep trying.
VR99 said:
I've had same issue with someone or a group located in the US (and changing location within the US it seems) trying to hack my MS email....as recent as yesterday but been going on for months it seems. I only became aware when I was seeing emails for the passcode hitting my other/back up email ad.
I've changed my password but still rather worrying that the attempts continue and under session activity it shows as 'Incorrect password entered' so clearly they are happy to keep trying.
It'll be spoofed locations. Mine's showing hits from all over the place but in all likelihood it'll most likely be Russia, China and India (which curiously NEVER appear in the list of attempted login locations....funny that...!).I've changed my password but still rather worrying that the attempts continue and under session activity it shows as 'Incorrect password entered' so clearly they are happy to keep trying.
GlenMH said:
Sheepshanks said:
Don't you need both phone and email to get into Authy if you need to recover?
No - once Authy is set up on the laptop you only need the master password to get in to it.Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff