There must have been a data breach at Microsoft recently, because my Microsoft account has had *15* failed login attempts from 4 different countries since May 25 (previously zero) ðŸ«
My account is safe and all's okay, but... maybe check your Microsoft account security & set up 2FA just to be safe?
Me too! The crappy thing is that M$ won’t specify which account is getting brute-forced. I’m getting these notifications on my backup gmail account
Yay, Microsoft got hacked big time recently. It's how we learn their new AI tool has no security for all the data they would be collecting. So try to include pass keys if you are able to get one of those
Huh. 415 attempts since the 29th of last month.
Zero penetration, zero requests for 2fa confirmation.
Guess the password is secure for now.
I might place a call to see if I can change my damn login name then, make em stop dead.
It's possible an account/password of yours was contained in a data breach of another system. They were then attempted @ Microsoft. It's usually called "credential stuffing".
Go to haveibeenpwned.com to check if any of you accounts have been stolen. Only your email is needed to check known breaches.
I had one of those the other day. I got one of those emails with the code to reset your password.
Anyway, out of sheer anxiety I reset both the password on my Microsoft account (which I don't use) and my associated email address.
It will be like that forever, once it started on my account I don't think it has ever stopped, all failed. I finally got around to removing the ability to sign in with a password about a year ago. Can only use a FIDO2 token like a Yubikey now, and they still try.
Thank you for the PSA. Just checked and sure enough 5+ different countries locations were listed just from the past few days. I rarely turn on my PC because work is enough screens for me now.
I just checked and I'm seeing it too. Probably a breech somewhere with my email account and these attackers are trying the account on multiple sites. I try and keep my passwords unique per site with 2-factor on, but its still annoying
I had this happen earlier this year, it sucked! I reset my pw and 2FA option. They eventually stopped, but if they didn't, assuming that it's bot - the pwless login option looked very tempting to setup.
I got those attempts, and tried to sign in with that address to delete that account, and...Microsoft didn't have an account listed with said address. ::scratches head::
That said, the address username wasn't all that unique and I got a corresponding Microsoft address, so typo maybe?
You can select which aliases can be used to sign in to your account.. for example I noticed that one of my addresses has been appeared in breaches a lot, so I added a new alias and disabled login for the previous one. No more login attempts after