Security breached 1 hour ago.
Received email from Microsoft about 'unusual sign-in', went to check 'recent activity'.
Holy moly.





They have been doing this for one month, on and off.
Account breached on 19th attempt.
Strange Microsoft did not send email to inform me earlier. :x

Changed my password. Turned on 2FA.

Still in after-shock, thinking how big the impact will be.
I think the 'secret' I stored in OneNote is compromised now.
Not sure what is yet to come.

very common.

just set another alias and disable your main alias. otherwise you will still get relentless sign in attempt.

Thanks for the heads up.

Always turn on 2FA, doesn't matter if it's Microsoft or Google email. Too many brute force password attempts by hackers nowadays.

I think it started almost bout 3 years ago where i noticed Microsoft account suddenly have a lot of unsuccessful sign ins practically nonstop. Before that, it was once in a while. Decided to turn on 2FA then as don't want to take risk.

Unfortunately, Microsoft won't alert you to unsuccessful sign in as they consider it no harm done.

Make password at least 14 characters long, must turn on 2FA, and use alias

This post has been edited by annoymous1234: Dec 9 2024, 05:15 PM

work or personal Msoft account?

My work Microsoft account is secured to the max.

I also kena last month, macam breached but that was old work email that I no longer use. Suddenly my MS Mail got notification that unusual account activity.

Another MS account also kena, that was my Windows Login account, turned on 2FA.

The uncessful login is normal. It happens to any account by hundreds every day. It just showing your password is working (until it isn't).
Its only alarming because MS account logged the event.
Google didn't do this and only start freaking out on 2fa stage failure.

This post has been edited by failed.hashcheck: Dec 9 2024, 05:34 PM

Already seeing this brute force shit ages ago. Already got 2FA authenticator so I wouldn't be too worried

Ts ada harom stuff till become target.

Edit: Fuh I got alot attemp too it seems bt microsoft message is this kek.

Thanks for telling us
Don’t worry. This sign-in attempt was unsuccessful, so there is no need to change your password. Learn how to make your account more secure

This post has been edited by Lucas0323: Dec 9 2024, 07:27 PM

now open google timeline

What does the alias part mean ?

Don’t use “name.surname” type of email format?

What secret you put in OneNote?

No. It means login using an alternate email, for example, ur email is abc@outlook.com, u create another email abcd@outlook.com as an alias, and set this as primary email. Then in the future, every time when u login, u can only use abcd@outlook.com to login, if u try to use ur actual email, u will get email not exist. However, ur actual email is still active, just that when someone use ur email want to login, it will say email doesn't exist.

What u mean disable main alias?

Then.. How u wanna login to check the main email? Everytime switch main email to the initial n switch back before logout?

What's wrong with using authenticator?

one unsuccessful sign in from Mexico yesterday wtf?

U use the alias to login, it connects to ur main email.
Think about it this way, when someone wants to login ur email, they will first enter ur email, then guess ur password, correct?

Now with alias, when they enter ur main email, it will say email doesn't exist, which means they can't even proceed to the next step, which is to guess ur password.

Authenticator is another additional security steps.
That's why using alias plus 2FA and u are already well protected.

This post has been edited by annoymous1234: Dec 9 2024, 09:38 PM

yeah here

lucky i had 2FA setup log time ago. but all the breach seems to be wrong passwords. probably from leaked password in haveibeenpwn

You use 'different' email to sign in, but at a same time, your main email address is still the same.

So like now your main email sign in is abc@outlook.com.

But you sign in with xyz@outlook.my.

Nobody will ever know your xyz@outlook.my as you will still use abc@outlook.com as correspondent email.

Authenticator prevent breach but it doesn't prevent your account getting locked by too much failure attempt.

This post has been edited by a13solut3: Dec 9 2024, 10:03 PM