cross-posted from: https://lemmy.world/post/12063839
Someone keeps trying to access my MS account
Like the title says, I’ve got yesterday an email with a code to access my Microsoft account and that made me suspicious because I wasn’t trying to login to my account. When I looked at the login attempts I saw that someone else was trying to access my account, I changed my password, activated TFA. Thinking of going through and buying a physical key like yubico to further secure my account. Any tips are appreciated.
It’s good to be paranoid, but for years I have had periodic sign-ups for lists I never wanted, services I never asked for, medical appointments and plane ticket reservations(!) I didn’t make … you name it.
All because I was an early gmail invitee, so my account is just ‘firstinitiallastname@gmail.com’ (with no ‘123’, or other decorations) – I was the FIRST. And I’ll be damned if I give it up!
So, so many people with my first initial and surname forget to add whatever crap they added to their signup after they must have gotten the error message at sign-up that told them ‘sorry, but firstname.lastname@gmail.com is already taken’ and they then forget whatever they added, and keep using my email address when they register for whatever crap they do. So bloody annoying.
I’ve taken to just logging into the numerous sites they helpfully send me registration links for, and if there’s a profile section I may (if I’m feeling cranky) set their profile photo and bio to unsavoury things, before locking the account. If I’m not feeling cranky I just unsubscribe/delete the account.
Same. There has been a man in Texas apparently using one of my early Gmail accounts for tons of important things for a decade at this point, to the extent that I know his name, address and phone number, and could definitely gain access to his cell phone and car insurance accounts if I wanted.
I know he doesn’t have access to the account, and I see all of his e bills and password reset attempts every few months, so I’m not really sure what his problem is. I kind of assume it’s an elderly person who pays for things with checks and doesn’t notice that he can’t access any of his online accounts, and then occasionally the kids try to pay a bill for him and try to reset the account passwords but can’t.
So if you are reading this, Mr Alvarez of Waco TX, don’t worry - I’ve got you covered and your greedy kids won’t add lines to your cell phone plan on my watch!
I checked out my old Hotmail account and there’s somebody in china trying to access it non stop.
It’s protected with a strong password and 2fa. But it still makes me uneasy. I just wish I could geo block the attempts or something.
you mean like fail2ban? a standard POSIX package since the 90s? that kinda paradigm that MS has no concept of?
What’s more annoying is that it’s been happening since January 21st and no notice from MS.
If you have 2FA enabled they won’t be able to get in, but if you change your password and they’re still trying, that means that somehow they have your new password, which means you probably have a credential stealer in your PC or one of your devices. I would reinstall windows immediately then change EVERY password.
I have this also all the time on my Microsoft account. All un-successful of course (long password and 2FA activated). So stopped looking at this.
Encrypt everything pre-upload and you won’t have to care about the security of individual cloud providers ever again.
