Johanna Taylor @ JULY 23 👻📖 @johannamation.bsky.social

There must have been a data breach at Microsoft recently, because my Microsoft account has had *15* failed login attempts from 4 different countries since May 25 (previously zero) 🫠 My account is safe and all's okay, but... maybe check your Microsoft account security & set up 2FA just to be safe?

24 replies 60 reposts 224 likes

NutMeg @casuallychaotic.bsky.social [ View ] Jun 16, 2024 at 01:29 UTC

Or take the opportunity to switch to Linux..?

0 replies 0 reposts 1 likes

Tasmanian Blade Runner @laminatedballs.bsky.social [ View ] Jun 16, 2024 at 22:27 UTC

haveibeenpwned.com

0 replies 0 reposts 2 likes

Chris Broome @cabroome.bsky.social [ View ] Jun 17, 2024 at 01:35 UTC

Me too! The crappy thing is that M$ won’t specify which account is getting brute-forced. I’m getting these notifications on my backup gmail account

0 replies 0 reposts 1 likes

Daemonia @daemonia.bsky.social [ View ] Jun 16, 2024 at 01:07 UTC

Yay, Microsoft got hacked big time recently. It's how we learn their new AI tool has no security for all the data they would be collecting. So try to include pass keys if you are able to get one of those

0 replies 0 reposts 5 likes

Ariohn SylvrWolfe 🔞 @ariohn.bsky.social [ View ] Jun 16, 2024 at 00:38 UTC

Huh. 415 attempts since the 29th of last month. Zero penetration, zero requests for 2fa confirmation. Guess the password is secure for now. I might place a call to see if I can change my damn login name then, make em stop dead.

1 replies 1 reposts 6 likes

wi(l)d-screen franken @drunkcrunkfranken.bsky.social [ View ] Jun 16, 2024 at 05:14 UTC

I noticed this happening to me too. It's pretty unnerving how many times they're trying to get in, even if I know nothing is ultimately happening.

0 replies 0 reposts 2 likes

Dunnage Zone @dunnagez.bsky.social [ View ] Jun 16, 2024 at 19:13 UTC

It's possible an account/password of yours was contained in a data breach of another system. They were then attempted @ Microsoft. It's usually called "credential stuffing".

Go to haveibeenpwned.com to check if any of you accounts have been stolen. Only your email is needed to check known breaches.

0 replies 1 reposts 3 likes

Go Deep, I'll Look for You @godeep.bsky.social [ View ] Jun 16, 2024 at 14:13 UTC

What’s a Microsoft account for? Like iTunes?

0 replies 0 reposts 0 likes

🔞Good Girl Elliotte🔞 @elliotte-draws.bsky.social [ View ] Jun 16, 2024 at 13:46 UTC

I had one of those the other day. I got one of those emails with the code to reset your password. Anyway, out of sheer anxiety I reset both the password on my Microsoft account (which I don't use) and my associated email address.

1 replies 0 reposts 3 likes

Sleeplessone @sleeplessone.bsky.social [ View ] Jun 16, 2024 at 00:18 UTC

It will be like that forever, once it started on my account I don't think it has ever stopped, all failed. I finally got around to removing the ability to sign in with a password about a year ago. Can only use a FIDO2 token like a Yubikey now, and they still try.

0 replies 0 reposts 3 likes

Josh "Go Drink The Sea" Brown @theotherspeakman.bsky.social [ View ] Jun 16, 2024 at 00:10 UTC

I've got 2FA and they've been trying for over a year. Although not as much as my Epic Games account, yeesh

0 replies 0 reposts 2 likes

Kokoro @livelyprancing.bsky.social [ View ] Jun 19, 2024 at 20:44 UTC

Thank you for the PSA. Just checked and sure enough 5+ different countries locations were listed just from the past few days. I rarely turn on my PC because work is enough screens for me now.

0 replies 0 reposts 1 likes

@simonball57.bsky.social [ View ] Jun 17, 2024 at 08:06 UTC

Yes they got hacked by china via exchange

1 replies 0 reposts 1 likes

Mara Johnson @marajohnson.bsky.social [ View ] Jun 16, 2024 at 05:25 UTC

I just checked and I'm seeing it too. Probably a breech somewhere with my email account and these attackers are trying the account on multiple sites. I try and keep my passwords unique per site with 2-factor on, but its still annoying

0 replies 0 reposts 2 likes

Liz Kramer @lizkreates.bsky.social [ View ] Jun 16, 2024 at 00:23 UTC

I had this happen earlier this year, it sucked! I reset my pw and 2FA option. They eventually stopped, but if they didn't, assuming that it's bot - the pwless login option looked very tempting to setup.

1 replies 0 reposts 2 likes

MDK @mattdkerr.bsky.social [ View ] Jun 16, 2024 at 00:09 UTC

Unique password, I take it? Strange

1 replies 0 reposts 1 likes

Emil @emilgson.bsky.social [ View ] Jun 17, 2024 at 17:13 UTC

i get waves of this every few months , usually when gamepass has a new game.

0 replies 0 reposts 0 likes

Dan Davis @bindlestaff.bsky.social [ View ] Jun 16, 2024 at 00:02 UTC

I get waves of those. Ripples, really. Got 3 or 4 a couple of weeks ago, but never as many as 15!

0 replies 0 reposts 4 likes

nuzzlerat @nuzzlerat.bsky.social [ View ] Jun 17, 2024 at 11:47 UTC

same thing here

0 replies 0 reposts 0 likes

Kara @karaboo.bsky.social [ View ] Jun 16, 2024 at 01:15 UTC

I've had thousands of attempts at least 20 daily, it's what made me activate 2FA

0 replies 0 reposts 4 likes

chucklefuck @keegerator.bsky.social [ View ] Jun 16, 2024 at 22:55 UTC

okay yes!! I'm glad it wasn't just me

0 replies 0 reposts 1 likes

Mina Li (she/her) @codenameminali.bsky.social [ View ] Jun 16, 2024 at 01:58 UTC

I got those attempts, and tried to sign in with that address to delete that account, and...Microsoft didn't have an account listed with said address. ::scratches head:: That said, the address username wasn't all that unique and I got a corresponding Microsoft address, so typo maybe?

0 replies 0 reposts 0 likes

Ramith Hettiarachchi @ramith.fyi [ View ] Jun 16, 2024 at 01:55 UTC

You can select which aliases can be used to sign in to your account.. for example I noticed that one of my addresses has been appeared in breaches a lot, so I added a new alias and disabled login for the previous one. No more login attempts after

Settings page : account.live.com/SignInPrefer...

0 replies 0 reposts 4 likes