Scary stuff

Associate
Joined
18 Dec 2008
Posts
351
I happened to log into my Microsoft account to find that there were 3 unrecognised machines tied to my account running Windows 10. The hardware configuration was low end Pentium from 1996 so I presume they were from virtual machines. Why would someone link a random Windows licence to my Microsoft account?

It gets worse, I clicked on the sign in activity, and it showed hundreds of failed log-in attempts from all over the world every day. Fortunately, I have a strong password and 2FA but still this is worrying to say the least.

I am aware that my e-mail address has been pwned a few times from various hacks over the years but I never use the same password twice.

Have you checked your Microsoft account lately?
 
Associate
Joined
2 Jul 2019
Posts
2,462
I looked earlier this month as had some funky behaviour with various accounts signing me out on different devices. All 2fa, strong password, no pwnage/ breach on any account.

I noticed these attempts, there were 2/3 IIRC, China IP etc. My uneducated guess is that this is normal behaviour, and the reason strong passwords exist, etc.

IIRC I've read in some threads about router logs showing hundreds of attempted accesses into the network being normal. Though hopefully someone with knowledge will elaborate.
 

mrk

Man of Honour
Joined
18 Oct 2002
Posts
100,627
Location
South Coast
The only way they'd be able to circumvent your 2FA is if they somehow gained access to your backup codes or backup methods of recovery/access. The latter would send you a notification in the Microsoft Auth app anyway though, as a prompt pops up in the app for any login attempt from a non-authorised machine gaining access.

Alternatively one of your authorised machines has been compromised and as such because it's previously authorised, has had full access to your account and was able to be spoofed remotely I guess.

Otherwise 2FA is not possible on its own to bypass.

Like the movie Scream, the call is coming from inside the house.

I just logged into mine just for kicks, only my one PC as an authorised device,

I then checked the login activity and see this:

[Image: WrVYXh7.png]


All but the top one are failed attempts, the top one is me just now. The Automatic Sync one is a failed attempt too whereby a bot is clearly trying an email based access but failing to sync. My 2FA method is via the official MS app, so unless they also have my phone and my biometrics, then there's no way anyone is getting in, even if they figure out my password.
 
Associate
OP
Joined
18 Dec 2008
Posts
351
I am sort of glad it’s not just me being targeted. I do not know how I have been compromised. Wouldn’t they do the whole ransomware thing at the first opportunity?

I did buy some windows 10 pro keys back in 2020. Could it be they have sold the same keys again?

It would explain why they linked to my MS account as I used all of them at one time or more on different machines.

I cannot see any successful attempts at logging in with my password or synchronization. Going to run Malwarebytes on my windows machines and see if it picks anything up.
 
mrk

Man of Honour
Joined
18 Oct 2002
Posts
100,627
Location
South Coast
If none of the attempts were successful then you haven't been specifically targeted and this is simply a case of bot machines checking various emails against big account services like MS to see if they can easily access the accounts.

That's the long and short of it so nothing to do, nothing to be concerned about.
 
Soldato
Joined
6 Dec 2003
Posts
2,554
good prompt - hadn't changed my old Microsoft password for a while. Can see the same behaviour on my account, just a single random attempt and failing due to password.

I only have the one Microsoft key registered, still rocking the Win7 retail key I got back in 2009.
 
Soldato
Joined
16 Sep 2018
Posts
12,685
If the email you used for your MS account has been leaked, have you thought about creating an alias and disabling the login privileges for the email you used to create the MS account with?
 
Associate
OP
Joined
18 Dec 2008
Posts
351
If the email you used for your MS account has been leaked, have you thought about creating an alias and disabling the login privileges for the email you used to create the MS account with?
Thanks, I didn’t know you could do that.

I have gone the route of passwordless logon. It appears that option is the most secure as it does not give an attacker the option to guess my password.

On second thoughts that might be a mistake :s I hope my phone authenticator will not beep every time someone tries to log in.
 
Soldato
Joined
18 Oct 2002
Posts
7,870
Location
Scun'orp
Me too.

Can I transfer my Microsoft account wholesale from its current linked email account to a completely separate email account, so I can basically abandon the current email, since I don't use that email address for anything important, and email also gets absolutely inundated with spam and phishing attempts, so I certainly don't mind if I just pretended it didn't exist if it meant these login attempts would stop. I'm guessing at least until they manage to guess the other email account name. Or is this just not at all relevant?
 
Associate
OP
Joined
18 Dec 2008
Posts
351
Changing to passwordless hasn’t stopped the login attempts. There are fewer of them, but fortunately I haven’t been inundated with authorisation requests, in fact none. The devices section does not show the foreign PCs after I deleted them on Wednesday, but I will be keeping an eye on it in case it happens again.
 
Soldato
Joined
11 Oct 2009
Posts
16,632
Location
Greater London
Changing to passwordless hasn’t stopped the login attempts. There are fewer of them, but fortunately I haven’t been inundated with authorisation requests, in fact none. The devices section does not show the foreign PCs after I deleted them on Wednesday, but I will be keeping an eye on it in case it happens again.
Oddly enough, I actually had a couple of prompts sometime last year asking me to authorise the attempt :p . Haven't seen it happen again ever since though.
 
Soldato
Joined
16 Sep 2018
Posts
12,685
Me too.

Can I transfer my Microsoft account wholesale from its current linked email account to a completely separate email account, so I can basically abandon the current email, since I don't use that email address for anything important, and email also gets absolutely inundated with spam and phishing attempts, so I certainly don't mind if I just pretended it didn't exist if it meant these login attempts would stop. I'm guessing at least until they manage to guess the other email account name. Or is this just not at all relevant?
I'd never use a MS account myself but from what I understand you just add an alias, disable logon for the primary email (don't delete it), and use the new alias to logon.

Basically this...
 
Caporegime
Joined
22 Nov 2005
Posts
45,423
Someone hacked my email back in the blueyonder days, then they used my email address to send spam to other people lol...

Most bizarre thing I ever saw. Literally spamming random people with penis enlargement type adverts
 