Scary stuff

Associate
Joined
18 Dec 2008
Posts
358
I happened to log into my Microsoft account to find that there were 3 unrecognised machines tied to my account running Windows 10. The hardware configuration was low-end Pentium from 1996, so I presume they were from virtual machines. Why would someone link a random Windows licence to my Microsoft account?

It gets worse: I clicked on the sign-in activity, and it showed hundreds of failed log-in attempts from all over the world every day. Fortunately, I have a strong password and 2FA, but still this is worrying to say the least.

I am aware that my e-mail address has been pwned a few times from various hacks over the years, but I never use the same password twice.

Have you checked your Microsoft account lately?
 
Associate
OP
I am sort of glad it’s not just me being targeted. I do not know how I have been compromised. Wouldn’t they do the whole ransomware thing at the first opportunity?

I did buy some Windows 10 Pro keys back in 2020. Could it be they have sold the same keys again?

It would explain why they linked to my MS account as I used all of them at one time or more on different machines.

I cannot see any successful attempts at logging in with my password or synchronization. Going to run Malwarebytes on my Windows machines and see if it picks anything up.
 
Associate
OP
If the email you used for your MS account has been leaked, have you thought about creating an alias and disabling the login privileges for the email you used to create the MS account with?
Thanks, I didn’t know you could do that.

I have gone the route of passwordless logon. It appears that option is the most secure as it does not give an attacker the option to guess my password.

On second thoughts that might be a mistake :s I hope my phone authenticator will not beep every time someone tries to log in.
 
Associate
OP
Changing to passwordless hasn’t stopped the login attempts. There are fewer of them, but fortunately I haven’t been inundated with authorisation requests; in fact, none. The devices section does not show the foreign PCs after I deleted them on Wednesday, but I will be keeping an eye on it in case it happens again.
 