this post was submitted on 17 Feb 2024
120 points (92.3% liked)

Privacy

31949 readers
830 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

cross-posted from: https://lemmy.world/post/12063839

Someone keeps trying to access my MS account

Like the title says, I’ve got yesterday an email with a code to access my Microsoft account and that made me suspicious because I wasn’t trying to login to my account. When I looked at the login attempts I saw that someone else was trying to access my account, I changed my password, activated TFA. Thinking of going through and buying a physical key like yubico to further secure my account. Any tips are appreciated.

all 50 comments
sorted by: hot top controversial new old
[–] Arghblarg@lemmy.ca 42 points 9 months ago (2 children)

It's good to be paranoid, but for years I have had periodic sign-ups for lists I never wanted, services I never asked for, medical appointments and plane ticket reservations(!) I didn't make ... you name it.

All because I was an early gmail invitee, so my account is just 'firstinitiallastname@gmail.com' (with no '123', or other decorations) -- I was the FIRST. And I'll be damned if I give it up!

So, so many people with my first initial and surname forget to add whatever crap they added to their signup after they must have gotten the error message at sign-up that told them 'sorry, but firstname.lastname@gmail.com is already taken' and they then forget whatever they added, and keep using my email address when they register for whatever crap they do. So bloody annoying.

I've taken to just logging into the numerous sites they helpfully send me registration links for, and if there's a profile section I may (if I'm feeling cranky) set their profile photo and bio to unsavoury things, before locking the account. If I'm not feeling cranky I just unsubscribe/delete the account.

[–] Socsa@sh.itjust.works 25 points 9 months ago

Same. There has been a man in Texas apparently using one of my early Gmail accounts for tons of important things for a decade at this point, to the extent that I know his name, address and phone number, and could definitely gain access to his cell phone and car insurance accounts if I wanted.

I know he doesn't have access to the account, and I see all of his e bills and password reset attempts every few months, so I'm not really sure what his problem is. I kind of assume it's an elderly person who pays for things with checks and doesn't notice that he can't access any of his online accounts, and then occasionally the kids try to pay a bill for him and try to reset the account passwords but can't.

So if you are reading this, Mr Alvarez of Waco TX, don't worry - I've got you covered and your greedy kids won't add lines to your cell phone plan on my watch!

[–] gothic_lemons@lemmy.world 3 points 9 months ago (1 children)

Lol nice way to handle it. Do you ever get angry emails from the ppl?

[–] jrbaconcheese@yall.theatl.social 4 points 9 months ago* (last edited 9 months ago)

I have the same, and also sometimes do the same, and no I never hear back. I’ve canceled orders, canceled flights, and other things like that.

[–] fluckx@lemmy.world 19 points 9 months ago (3 children)

I checked out my old Hotmail account and there's somebody in china trying to access it non stop.

It's protected with a strong password and 2fa. But it still makes me uneasy. I just wish I could geo block the attempts or something.

[–] daft61lunacy@lemmy.world 7 points 9 months ago (1 children)

Geo block would be great on unsuccessful logging in.

[–] aniki@lemm.ee 8 points 9 months ago (1 children)

you mean like fail2ban? a standard POSIX package since the 90s? that kinda paradigm that MS has no concept of?

[–] daft61lunacy@lemmy.world 3 points 9 months ago (1 children)

What’s more annoying is that it’s been happening since January 21st and no notice from MS.

[–] aniki@lemm.ee 0 points 9 months ago (1 children)

You'd think stopping crap like that is easy pickings for AI to sort out...................................................

[–] possiblylinux127@lemmy.zip 1 points 8 months ago

Plot twist, the logins are all coming from ChatGPT

[–] Shape4985@lemmy.ml 3 points 9 months ago

Ita the same for me. I only have my old hotmail as its tied to my xbox account. Someone from china is attempting to get access every day.

[–] possiblylinux127@lemmy.zip 2 points 8 months ago

Contact Microsoft. If your lucky they can fingerprint the person doing this and block them (if your lucky)

[–] dosse91@lemmy.trippy.pizza 15 points 8 months ago* (last edited 8 months ago)

If you have 2FA enabled they won't be able to get in, but if you change your password and they're still trying, that means that somehow they have your new password, which means you probably have a credential stealer in your PC or one of your devices. I would reinstall windows immediately then change EVERY password.

[–] MNLFNUT8YG@lemmy.world 14 points 9 months ago (1 children)

I have this also all the time on my Microsoft account. All un-successful of course (long password and 2FA activated). So stopped looking at this.

[–] daft61lunacy@lemmy.world 4 points 9 months ago (1 children)

First time it’s happening to me, makes me feel uncomfortable.

[–] WhatAmLemmy@lemmy.world 6 points 9 months ago (1 children)

Encrypt everything pre-upload and you won't have to care about the security of individual cloud providers ever again.

[–] possiblylinux127@lemmy.zip 1 points 8 months ago

That won't save you from fingerprinting and non-free JavaScript which is needed to login and use email

[–] cooopsspace@infosec.pub 11 points 9 months ago* (last edited 9 months ago) (1 children)

Buy two ubikeys, one for you and one for your safe or lockbox.

Also use a password manager and don't reuse passwords.

[–] daft61lunacy@lemmy.world 2 points 9 months ago (1 children)

Might be a dumb question but can I use a yubico key for more than one device?

[–] cooopsspace@infosec.pub 6 points 9 months ago* (last edited 9 months ago)

Yes!

In fact, I have an NFC one which id highly recommend and just scan my phone on it and log into my password manager.

Two is one, one is none though. You need to set up both keys on each website or app. Then lock one away.

[–] crispy_kilt@feddit.de 10 points 9 months ago (1 children)
[–] Chakravanti@sh.itjust.works 1 points 9 months ago

Enable GPG verification. Only 2FA I trust.

[–] mp3@lemmy.ca 10 points 9 months ago

Kind of happens everywhere to be honest, the best defense is to have a good and unique password and MFA enabled.

[–] lemmyingly@lemm.ee 9 points 9 months ago (1 children)

This is normal. All of my accounts have looked like this for years. So I imagine every account with Microsoft will see this bombardment of someone trying to get in.

It's not just Microsoft - every server on the internet with an open port gets bombarded all of the time. It's just the way of the internet. So if you move your account to another platform it'll see the same bombardment as it does now.

[–] Kaiyoto@lemmy.world 5 points 9 months ago* (last edited 9 months ago)

I have the same issue. For me it's mainly some ip address in Russia but it bounces around. I've had the 2FA enabled on my account for at least a year now. I have a unique, random password for it. Recently (like a month or two ago) the 2FA app popped up with a message to click on the number to verify or deny. I knew it wasn't me so I denied it.

I was worried someone had managed to guess my long ass password but I fiddled around with it and it's possible to get that 2FA prompt when you are trying to do a password recovery. So I just let it ago and haven't gotten any others since. I still feel like I should chang my email but based on what others are saying it doesn't seem like it will make a difference.

[–] Dominik@lemmy.world 4 points 8 months ago* (last edited 8 months ago)

I'd say ignore it, or if you'd like it to stop, create a new email alias and change your login settings so it only allows you to sign it with the new alias (and don't use that email for anything)

Edit: I just noticed there are some successful sign ins. Make sure to change your password, add 2fa, and log out of all devices

[–] possiblylinux127@lemmy.zip 3 points 8 months ago (1 children)

I would contact Microsoft support immediately

[–] glitch1985@lemmy.world 4 points 8 months ago (1 children)

Why reach out to them when they call me every few days about my computer having a virus?

[–] towerful@programming.dev 3 points 8 months ago* (last edited 8 months ago)

Im glad they called, too. These log in attempts started around the same time. If i wasnt connected to their secure server with my pc regularly saying its updating, id be really worried that someone would try and log into my online banking!

(/s if you dont get the references, watch some kitboga - or any of your preffered scam-baiters)

[–] 01011@monero.town 2 points 8 months ago

Had this issue with a gmail account about 7 years ago. It has/had 2fa. Haven't used it much since then.

[–] free@lemmy.world 2 points 9 months ago (1 children)

Activated tfa? So does that mean u didn't have 2fa activated?

[–] daft61lunacy@lemmy.world 5 points 9 months ago (2 children)

Activated yesterday, using MS Authenticator now, before I would get code on my email to verify and authenticate.

[–] urquell@lemm.ee 6 points 9 months ago

Probably change that email password too

[–] free@lemmy.world 1 points 9 months ago
[–] sloppy_diffuser@sh.itjust.works 2 points 8 months ago

I've been getting in the habit of using per service emails and rotating them like my passwords (if the service allows). MS allows this (assuming the account is not for your email). I've changed it 5-6 times. Except for Skype which I don't use. Can't seem to change that one myself.

Others mentioned YubiKey. Another alternative I use is both an OnlyPass and Mooltipass, interchangeably. They act as keyboards and work with any device I've tried that supports USB keyboards without some agent always running. With it I'll add an extra 56 random characters on top of my memorized passphrase for critical systems (disk encryption, system login, password manager).

[–] Deceptichum@kbin.social 2 points 9 months ago* (last edited 9 months ago) (1 children)

I saw that this morning from 6AM to 1:30PM had people from IPs all over Europe trying to login. Failing luckily but I'm glad to see I'm not the only one.

Actually after looking at the logs it non-stop every hour for days and days. Odd that I only got like 7 emails about the code this morning and not the thousands of other times.

[–] daft61lunacy@lemmy.world 1 points 9 months ago (1 children)

I’m seeing Poland, Germany, Turkey and China.

[–] FellowEnt@sh.itjust.works 2 points 8 months ago

Fwiw I had a similar flurry of failed attempts from exactly those countries a few days ago.

[–] iamhangry@programming.dev 2 points 8 months ago

I have an account that has been having that same behaviour for years. I changed my password multiple times after and have 2fa. I was uneasy at the time but realized the best I could do is move on from those accounts as main accounts and just keep them locked tight.

[–] daft61lunacy@lemmy.world 1 points 9 months ago