this post was submitted on 17 Feb 2024
136 points (96.6% liked)

techsupport

2451 readers
17 users here now

The Lemmy community will help you with your tech problems and questions about anything here. Do not be shy, we will try to help you.

If something works or if you find a solution to your problem let us know it will be greatly apreciated.

Rules: instance rules + stay on topic

Partnered communities:

You Should Know

Reddit

Software gore

Recommendations

founded 1 year ago
MODERATORS
 

Like the title says, I’ve got yesterday an email with a code to access my Microsoft account and that made me suspicious because I wasn’t trying to login to my account. When I looked at the login attempts I saw that someone else was trying to access my account, I changed my password, activated TFA. Thinking of going through and buying a physical key like yubico to further secure my account. Any tips are appreciated.

you are viewing a single comment's thread
view the rest of the comments
[–] lurch@sh.itjust.works 5 points 8 months ago (1 children)
[–] daft61lunacy@lemmy.world 11 points 8 months ago (2 children)

Yes, support said that they can’t stop it, and my account is safe.

[–] Sarie@lemmy.world 10 points 8 months ago (1 children)

Same here, I have been in the same situation for years. Looks like if you email appears in a data breach every hacker in the world tries to get access to your email. Just never reuse your email password and set 2FA. That's more than enough to prevent unauthorized access and don't lose sleep over it.

I got a notification from my original Xbox account from 2008 saying someone had managed to crack the password and needed the 2fa code.

I went to check on sign in activity and holy shit I knew that email account had been leaked long ago but I was not prepared for dozens to hundreds of sign-in attempts EVERY SINGLE DAY, from all over the world (at least I assume places that are popular VPN outlets)

That account doesn't have a single thing on it. No games, no cards, it was never even connected to the internet except the rare occasion when I was at a friend's house. And I don't re-use passwords except on throwaway accounts. So they would have been quite disappointed by it.

But just to be sure I changed the password again on all my big accounts or accounts with cards attached just in case.