K
Keppy
Guest
I received an alert this morning on my Android MS Authenticator app about unusual activity - a sign in attempt from Indonesia that was unsuccessful. My password has been compromised it seems (it's an old password I should have already changed) so I immediately changed it to a new stronger password. Looking through recent activity there are a number of successful logins from Russia and Indonesia despite having 2FA enabled, reading the activity page they appear to have bypassed 2FA. I have never been to nor logged in via VPN from these countries, this is 100% not me.
MS services I use include Xbox, Office365, Azure, OneDrive.
Given my current situation I have a few questions:
1. How can I check any current logged in sessions on my account, and forceably sign any out if needed? unless changing my password does this automatically (there is no 'this wasn't me' button for entries not under unusual activity, and that button just tells me to change my password anyway)
2. How can I check for purchases/financial activity on my account across all MS services on 1 page?
3. How can I check for any security changes these attackers may have made? Obvious settings I have checked look fine so far
4. How have they successfully logged in when I have 2FA enabled!? Authenticator app, phone number and alternative email received no message, I can see one of their sign ins 'resolved unusual activity' - why did I receive no alert for this?
Any advice for other areas to check for activity or changes would be greatly appreciated.
Continue reading...
MS services I use include Xbox, Office365, Azure, OneDrive.
Given my current situation I have a few questions:
1. How can I check any current logged in sessions on my account, and forceably sign any out if needed? unless changing my password does this automatically (there is no 'this wasn't me' button for entries not under unusual activity, and that button just tells me to change my password anyway)
2. How can I check for purchases/financial activity on my account across all MS services on 1 page?
3. How can I check for any security changes these attackers may have made? Obvious settings I have checked look fine so far
4. How have they successfully logged in when I have 2FA enabled!? Authenticator app, phone number and alternative email received no message, I can see one of their sign ins 'resolved unusual activity' - why did I receive no alert for this?
Any advice for other areas to check for activity or changes would be greatly appreciated.
Continue reading...