Someone else might have used your password to access your account

mrochester

mrochester

mrochester

Soldato
Joined
29 Sep 2003
Posts
5,834
Location
Newcastle upon Tyne
Hi

I have just received an email from Microsoft to say that someone else may have used my password to access my account and that I will have to reset the password.

I have 2 factor authentication set up and I received no request to authenticate a login, so no one has tried to login to my account.

Microsoft have now forced me to reset my password to something new. It has also reset all of my app passwords so I'll have to set all of those up again.

Can anyone tell me why I would have received an email to say someone was trying to access my account when the lack of a 2 factor authentication request clearly indicates no one has? Does anyone know how to stop this from happening? I do not want to change my password as it is already secure.

Many thanks

M.

EDIT - I should mention I have a VPN on all my devices so I frequently look like I am singing in from different parts of the world, but surely this should not cause a problem if it does not trigger a 2 factor authentication challenge?
 
Maybe the VPN was the reason why there was no 2FA request by MS as it probably came from an IP address you'd used (I am guessing here) and it possibly would take some time before it resets the need for 2FA to be required.
 
Have you been to the Security page for your account as this shows all attempts to access the account - https://account.microsoft.com/security

I actually have a failed attempt against mine yesterday and didn't receive any 2FA notification. I think Microsoft have had some issues where they've integrated accounts from different services, and where 2FA is not applied correctly. Specifically I've come accross this with Skype accounts, when they were merged with Microsoft Accounts the 2FA on your Microsoft Account was not applied properly on the Skype side effectively allowing someone to bypass it if they knew your password.
 
andshrew said:
Have you been to the Security page for your account as this shows all attempts to access the account - https://account.microsoft.com/security

I actually have a failed attempt against mine yesterday and didn't receive any 2FA notification. I think Microsoft have had some issues where they've integrated accounts from different services, and where 2FA is not applied correctly. Specifically I've come accross this with Skype accounts, when they were merged with Microsoft Accounts the 2FA on your Microsoft Account was not applied properly on the Skype side effectively allowing someone to bypass it if they knew your password.
Click to expand...



hrmmm

There's a temporary problem
There's a temporary problem with the service. Please try again. If you continue to get this message, try again later.
Click to expand...
 
andshrew said:
Have you been to the Security page for your account as this shows all attempts to access the account - https://account.microsoft.com/security

I actually have a failed attempt against mine yesterday and didn't receive any 2FA notification. I think Microsoft have had some issues where they've integrated accounts from different services, and where 2FA is not applied correctly. Specifically I've come accross this with Skype accounts, when they were merged with Microsoft Accounts the 2FA on your Microsoft Account was not applied properly on the Skype side effectively allowing someone to bypass it if they knew your password.
Click to expand...

I did check my account activity and it showed a successful login in Italy, which is fine because my VPN was set to Italy at that point.
 
mrochester said:
I have just received an email from Microsoft to say that someone else may have used my password to access my account and that I will have to reset the password.
Click to expand...

Are you sure it really was from Microsoft? Was there a link provided in the email?
 
Quartz said:
Are you sure it really was from Microsoft? Was there a link provided in the email?
Click to expand...

Yes there was a link in the email but I didn't click that. Instead I accessed my account myself and it prompted me with the same message as soon as I logged in.
 
Run Malwarebytes

The service which currently has an issue on your PC, doesn't have an issue on mine.
Just run it to be sure its not a complex overlaid password grabber.
 
Microsoft has been forcing people to update their passwords in recent months, I had the same thing a few weeks back. If you google it many people have and its MS's way of making people that keep a password a long time to update it. It is annoying but nothing to worry about as long as you verify the email is from MS which if on hotmail(outlook) it has the verification information there. When it happened it even logged me out of all the MS services I was using at the time even skype I was in a call and it logged me out in the middle of the call.

Change your password and forget about it.
 
On average I get one every 6 months, no one uses that account and it isn't even an microsoft email it's my own personal purely used to log into Windows 10.

I too also have 2 step setup and get no texts or emails before the reset one.
 
Had exactly the same thing happen to me earlier this year - I went to the security page to try and see what was up and I was forced to reset my password. The annoying thing is after I did get access it showed the activity that they'd flagged as suspicious was for a different email / id to mine so why was it flagged as an incorrect attempt to log into my account as neither the email address nor the password were correct.
As someone stated above I just think this was an elaborate excuse to get people to update their passwords (mine was several years old but was unique to this MS account so I've never had any reason to change).
 
Not sure if it's related here, but I've been away for a few weeks in Yankland and checked my account for odd activity at the same time I was changing mobile and email verification (also got 2FA enabled)... there are about around 8 or so invalid sign-in attempts from around the world (China, Europe, elsewhere) which seem to map to my ancient Skype account alias, one that I merged into my MS account quite a while ago. I've no real concerns about hacking attempts, but it's possible OP and others might also be seeing the same kind of issue too.

If anything, it's reminded me to fully clean up all my auth methods across various sites!
 
You must log in or register to reply here.
Back
Top Bottom