MS Authenticator suggests my hotmail account is under attack


Aunty Pasty

Original Poster:

782 posts

51 months

Wednesday 20th November 2024
I have a hotmail account that I don't use very much and I have MS Authenticator on my phone for 2FA. Recently I've had a couple of notifications on the app asking for verification which I denied. Looking into the activity history on this account it seems like there is a stream of unsuccessful login attempts every 30 minutes or so from throughout the world. It's been going on for a long time.

I've changed the password again just in case but it seems like the account is constantly being probed. Should I be worried or is this typical behaviour and MS is doing its job ok?

Chimune

3,596 posts

236 months

Wednesday 20th November 2024
It's doing its job. Your email and password may have been leaked in a previous data breach and it's now being probed. It will probably die off soon.

Check your email - and your passwords on haveibeenpwned.com and change passwords on any other accounts that you may have used them with.

Also be highly suspicious of any emails or texts asking you to confirm, log in or update anything.

Edited by Chimune on Wednesday 20th November 14:34

Sheepshanks

36,601 posts

132 months

Wednesday 20th November 2024
Mine is the same for dodgy log in attempts and has been for years. Wife’s doesn’t get any - although she gets tons of spam.

eeLee

918 posts

93 months

Wednesday 20th November 2024
Go to accounts.microsoft.com for that Hotmail account and go passwordless. It will make it even harder for whomever it is that is trying to break in, they will get bored quicker.

Aunty Pasty

Original Poster:

782 posts

51 months

Wednesday 20th November 2024
Thanks, sounds like it's ok. I've also turned on the password-less feature which is new to me. Good tip. Sounds a bit counter-intuitive but makes sense.

Road2Ruin

5,830 posts

229 months

Wednesday 20th November 2024
eeLee said:
Go to accounts.microsoft.com for that Hotmail account and go passwordless. It will make it even harder for whomever it is that is trying to break in, they will get bored quicker.
I don't think bored comes into it, it's automated.

Almost everyone will have this, they just don't know about it.

My Hotmail account has an attempted login about every 30 minutes and has done for the last 10 years.

The account has been around for 30+ years, so the address will have been logged in a site somewhere.
They are now using brute force attacks to try and get into it. Unless your password is only 6 digits long and a word of some sort, I doubt it will be broken.
I do believe there is a site that will tell you how likely and quickly your password can be broken by brute force, with current technology.

Quantum computing though...start crying now.
Mine is a billion years.

Sheepshanks

36,601 posts

132 months

Wednesday 20th November 2024
Road2Ruin said:
Unless your password is only 6 digits long and a word of some sort, I doubt it will be broken.
If folks are getting the authenticator requests then the hacker has their password.

We get it at work as people use their work password on business related sites that aren't secure. Thankfully the authenticator using number matching stops people letting hackers in - they used to just blindly accept the authenticator requests.

Road2Ruin

5,830 posts

229 months

Thursday 21st November 2024
Sheepshanks said:
Road2Ruin said:
Unless your password is only 6 digits long and a word of some sort, I doubt it will be broken.
If folks are getting the authenticator requests then the hacker has their password.

We get it at work as people use their work password on business related sites that aren't secure. Thankfully the authenticator using number matching stops people letting hackers in - they used to just blindly accept the authenticator requests.
You're right, missed that bit.

eeLee

918 posts

93 months

Thursday 21st November 2024
Road2Ruin said:
I don't think bored comes into it, it's automated.
Oh I know it's automated, I have a bunch of honeypots, each of which is getting hundreds of thousands of password stuffing attempts across many protocols.

The point of going passwordless should end up with fewer requests since they are looking to leverage the email address and the password that they believe is useful. Since many use their email address and their same password everywhere, it's low-hanging fruit, I'd hope for compute purposes that they remove unsuccessful combos (but of course they can hope that a dumb user approves the OoB auth request to Authenticator).

Simple thing is to put your webmail email address into www.haveibeenpwned.com and see if any of the datasets that have your email address contained passwords. My Entra ID email has never been used anywhere but to send and receive email......

wyson

3,268 posts

117 months

Thursday 21st November 2024
Sheepshanks said:
If folks are getting the authenticator requests then the hacker has their password.

We get it at work as people use their work password on business related sites that aren't secure. Thankfully the authenticator using number matching stops people letting hackers in - they used to just blindly accept the authenticator requests.
No, you can go straight to authenticator, password-less login. I do this now.

My hotmail accounts are always being probed. Funny it hardly happens on gmail or yahoo accounts.
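
Added example, not part of any post in this thread: a Python sketch of the triage the replies above argue over, separating wrong-password noise from a denied prompt that followed an accepted password, with a switch for passwordless accounts where a prompt needs no password. The record fields, result labels and home-country list are assumptions, and the sample events are constructed.

```python
from collections import Counter

# Constructed sign-in records; field names and values are assumptions made for
# this example and are not Microsoft's activity-export format.
SAMPLE_EVENTS = [
    {"time": "2024-11-20T09:00", "country": "BR", "result": "bad_password"},
    {"time": "2024-11-20T09:30", "country": "VN", "result": "bad_password"},
    {"time": "2024-11-20T10:00", "country": "US", "result": "mfa_denied"},
    {"time": "2024-11-20T10:30", "country": "IN", "result": "bad_password"},
    {"time": "2024-11-20T11:00", "country": "GB", "result": "success"},
]


def triage(events, passwordless=False, home_countries=("GB",)):
    """Classify each record and return counts plus an overall verdict."""
    counts = Counter()
    flagged = []
    for event in events:
        result, foreign = event["result"], event["country"] not in home_countries
        if result == "bad_password":
            # Wrong guess: the attempt stopped at the first factor.
            label = "wrong_password"
        elif result == "mfa_denied" and passwordless:
            # Passwordless accounts prompt on the address alone, so a prompt
            # says nothing about the password.
            label = "prompt_without_password"
        elif result == "mfa_denied":
            # A prompt after a password step means the password was accepted.
            label = "password_known"
        elif result == "success" and foreign:
            label = "foreign_success"
        else:
            label = "owner_signin"
        counts[label] += 1
        if label in ("password_known", "foreign_success"):
            flagged.append(event["time"])

    if counts["foreign_success"]:
        verdict = "review account: sign-in succeeded from an unexpected country"
    elif counts["password_known"]:
        verdict = "change password: it was accepted before the prompt was denied"
    else:
        verdict = "background probing: no sign the password is known"
    return {"counts": dict(counts), "flagged": flagged, "verdict": verdict}
```
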

Derek Smith

47,075 posts

261 months

Thursday 21st November 2024
wyson said:
Sheepshanks said:
If folks are getting the authenticator requests then the hacker has their password.

We get it at work as people use their work password on business related sites that aren't secure. Thankfully the authenticator using number matching stops people letting hackers in - they used to just blindly accept the authenticator requests.
No, you can go straight to authenticator, password-less login. I do this now.

My hotmail accounts are always being probed. Funny it hardly happens on gmail or yahoo accounts.
I use temporary Gmail accounts, and have done for years. I use false persona. When I think it might have been compromised, I dump it and start another.

I used to start a new one at least every year, but I haven't changed any since lockdown. Just realised.

wyson

3,268 posts

117 months

Friday 22nd November 2024
Can use a service that generates burner accounts. My duckduckgo browser has a built in burner email account tool. It sets up random whatever@duck.com email addresses on website sign ups etc and forwards emails to your real email addresses. Can just burn the whatever@duck.com account if you want to disengage.

Best of both worlds I reckon.

Baldchap

9,026 posts

105 months

Friday 22nd November 2024
I go through phases of having loads of these. I reported it to MS the first time but nothing comes of it.

Like others have said, 2FA is doing its job.

Terminator X

17,343 posts

217 months

Friday 22nd November 2024
Sheepshanks said:
If folks are getting the authenticator requests then the hacker has their password.

We get it at work as people use their work password on business related sites that aren't secure. Thankfully the authenticator using number matching stops people letting hackers in - they used to just blindly accept the authenticator requests.
Someone once said that your email account should be a standalone password not repeated anywhere else. I've stuck with that.

TX.

Harpoon

2,146 posts

227 months

Friday 22nd November 2024
Terminator X said:
Someone once said that your email account should be a standalone password not repeated anywhere else. I've stuck with that.

TX.
Just avoid password re-use entirely.

Terminator X

17,343 posts

217 months

Friday 22nd November 2024
Harpoon said:
Terminator X said:
Someone once said that your email account should be a standalone password not repeated anywhere else. I've stuck with that.

TX.
Just avoid password re-use entirely.
Ok but 2FA is also a pain in the ass Vs one password.

TX.

Road2Ruin

5,830 posts

229 months

Friday 22nd November 2024
Terminator X said:
Harpoon said:
Terminator X said:
Someone once said that your email account should be a standalone password not repeated anywhere else. I've stuck with that.

TX.
Just avoid password re-use entirely.
Ok but 2FA is also a pain in the ass Vs one password.

TX.
If you check your emails 18 times a day, I agree. Twice or three times, though.

Lucas Ayde

3,847 posts

181 months

Friday 22nd November 2024
Depends on how you've set up MS services and which ones you have, but a lot of people will have their general MS account tied to the same login as the hotmail account, so if it does get hacked and the user/password discovered, you could lose control over your Xbox Live, OneNote notes and general OneDrive cloud files.

So anyone who is seeing stuff like this happening needs to be sure to get it sorted. At the least, change the password on the account or better, go passwordless and use trusted authentication only.