New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Strange attack on my Microsoft Account
Hello today I got email from Microsoft Account Security about suspicious activity on my account..
When I look into login history, I found a huge number of unsuccessful login attempts from multiple locations
....
https://i.ibb.co/m5Tmr43/Screenshot-2024-05-12-13-00-22.png
TBH this is first time such thing happened to my accounts,
I don't think this is just a bot scanning emails from the web, (I don't remember using it to post any comment or even register on any web forum),
which means this account were not easy to be accessed from the web.
In fact, I use it on multiple freelancer websites, and I use it for my paypal account, no matter who is doing this attempts, he knows what email accounts to target.
2fa enabled BTW
Comments
Well, probably some guy with a couple proxies is trying a bunch of common passwords or passwords from various dataleaks (reusing passwords across multiple sites is probably still extremely common). My guess would be that at least one of the sites you have used that email at has been breached and now the usual suspects are just doing their thing. As long as you didn't reuse any passwords and what you are using is actually sufficiently secure i wouldn't worry to much. These days one can pretty much consider any kind of data used online to be basically public knowledge.
I'm very cautioned when using all my accounts across the internet, from the begging I never use weak password or repeat it on other accounts,
I separate my business accounts from my social accounts, even on other my business accounts I use different emails to register with, ( I think I organize it well )
as I said, this account was for my business accounts only, should not be easily accessible,
I think some major data breached happened recently, and it is not on the news yet.
I hope you have 2fa enabled there.
Well, i'd be pretty surprised if even 50% of all breaches are even noticed let alone reported or broadly publicized. Breaches happen all the time. Like i've said, if you are using data anywhere on the internet just consider it public knowledge from thereon as everything else would be just delusional these days. It's only a question of when the data is going to turn up on the black market and there's nothing anyone can do about it.
I would recommend regularly monitoring your account activity and ensuring that your devices are also secure. It might also be worth reaching out to Microsoft's support team for further assistance and to see if they can provide any additional insights or guidance.
If you haven't already, consider running a security scan on your devices to check for any potential vulnerabilities or malware that could be contributing to these login attempts.
Lastly, if you have any sensitive information stored in your emails or accounts linked to your Microsoft account, it might be a good idea to review and possibly remove or secure that information.
I hope these suggestions help, and I wish you the best in resolving this issue and keeping your account secure.
Yeah... I've had this happen before with my Microsoft account. It happens all the time. I'm guessing Microsoft email account is just an easy target.
Your email is either public or was exposed in a data breach, for which people are just mass botting account login attempts. I get this all the time. With 2FA this is pretty much a non-issue.
Be careful if you are using application passwords though.
Hi @bestarhost!
May I please ask how you wrote this post? Specifically, did you use AI to help you write it? If yes, which AI helper did you use?
Best wishes!
Tom
Hi Tom,
What about the post makes you wonder if AI was utilized to help compose it?
Which AI tools that you know of are the most common AI tools utilized for writing composition?
You can make an alias and make it primary, and sign in with that instead. Should put a stop to the attempts. You have MFA enabled right?
What’s super fun is using their 2FA app so people can hit you with login requests without even trying a password. I hope it’s rate limited.
Quillbot (gen AI detection) has it as 100% AI garbage. Is there a rule in place to disallow this garbage and ban the people that spew AI crap. If you don't close the floodgates now it will become an unholy mess - looks at shitshow Quora..
Seems like chatGPT or Cluade or Bing AI Chat
2FA is necessary
I have a Microsoft account which i dont use at all. Just signup once yearly keep active. But i got otp to alternative email frequently. So someone might be trying to get acces
Had this issue with my Microsoft account too. Enabling 2fa didnt help. Had to create an alias and make it primary.
If you click on the login attempts you will learn that every 2-3 attempts are from the same IP address and then from another IP address and so on. They brute force your account in this way to prevent it from being locked out. Almost all of these IP addresses are already known to Microsoft as being malicious and the attempts are blocked because of that. The log-in attempts are probably done via a legacy authenticitation which does not require MFA.
Don't see any reply from @bestarhost. So, unfortunately, @bestarhost has been banned due to AI and signature spam in https://lowendtalk.com/discussion/comment/3956237/#Comment_3956237
Please see: LET Humans Only Policy