none
Outlook Unusual Sign-in Activity - Is one of my devices compromised?

    Question

  • Hello, community!

    I do have an Outlook account that is receiving attacks mostly from USA and European Countries, with succesful logins.

    It has begun on 28/02, with an access from USA, and my account was logged from mostly USA and once from Russia (somebody has dumped my e-mails on this one connection).

    Since that happened, I've activated 2-factor activation on my Windows 10 Mobile using Microsoft Authenticator and obviously changed the password.

    7 days have passed without incidents. On 24/03, (probably) the same person (from the "same place" as shown in the Recent Activities map) managed to get access to my account again, after someone from the Czech Republic tried to sync my stuff unsuccessfully.

    How come somebody managed to have access to my account if I've activated 2-factor on my account and I'm the only one who has physical access to my device?

    How do I solve this problem, for Microsoft says "I'm secure" in the Recent Activities page?

    Monday, March 27, 2017 1:24 PM

All replies

  • And before someone asks, yes, my password was secure and ALL of my devices are updated to their best. I don't install useless stuff on my systems, just the bare minimum for my profile of usage. And I run Antivirus once in a week on my PCs.

    Maybe, it's my Cable Modem, but I'm supposed to have https connection, and my Google Chrome (on PC) and Edge (on mobile) says the certificates are good.

    Monday, March 27, 2017 1:28 PM
  • Hi,

    If you think your Microsoft account has been hacked, we recommend that you reset your password right away. Then learn how to Get back into your Microsoft account if it's been compromised and follow these tips to strengthen your account against future attacks.

    To change your Outlook.com (formerly Hotmail) password, sign in to your Microsoft account, and then go to the Password and Security section. It's a good idea to choose a password that you don't use elsewhere.

    In your scenario, the unusual activity persists after you enable the two-step verification. I suggest you can set up a "trusted PC" to recapture a hijacked account. You can associate your account with one or more of your personal computers. That way, if you ever need to regain control of your account by resetting your password, use one of your trusted computers and Outlook will know you are the legitimate owner.

    If the issue persists, please directly contact Microsoft for more help.


    Regards,

    Winnie Liang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, March 28, 2017 9:55 AM
    Moderator
  • Additionally, this forum focuses on general discussion about the Outlook desktop client which is the Office application. If you have any further question about Outlook.com account or other Microsoft account, please ask a question in Outlook.com forum for more help:

    https://answers.microsoft.com/en-us/outlook_com/forum/osecurity

    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.


    Regards,

    Winnie Liang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, March 28, 2017 9:58 AM
    Moderator