My family devices are showing online in another state while my browser crashes are tied to the attempted access to my cache edge passwords

  • Thread starter Thread starter AaronParris
  • Start date Start date
A

AaronParris

Guest
As a security nut, I always enable access logging in events, For the last 2 days I noticed my browser would crash and my event logs reflected a corrupt MS file that stores my cached web passwords but when I rebooted it was fine. I then got suspicious, rebooted my machine and checked IP connections. I noticed the typical MS IP's but one stand alone IP in California (Geotagged it, IAVA, all the typical stuff) was accessing RPC with the same timestamps as my system was accessing that file (Without my browser open) I immediately didn't trust my own machine and started using my non-windows machines to change my MS account web passwords, Paypal and other items. I also turned on 2 factor as a protection step for any account that was tied to money (Emails, Accounts, others).

Then I noticed something odd, My Childs account was captured in the logs as well On my machine which he has never used (He has a outlook account). but he was in bed asleep. So I then moved to use the parental controls and "Find my Child", Find his device, and so-on. MS had a clue, My X-Box was active (Hasn't been turned on in years) All of my son's separate computers were located at the same street and address in California (Even though they were in my Atlanta home) and now I was worried. #1, How can a child account tier trust to a Device, and then the same device access other machines in my account using ms family? I assume it has to do with the Onedrive functionality of giving you access to your profiles on all your devices. Why would it allow this behavior and give access to the non MS system in California? is there a RPC call that can do that? Do the functions of My Devices replicate user profiles with cached passwords in the cloud? One of my children's machines did not get the newest update released the day before yesterday, but it did now. Meanwhile, until I figure this out, I have locked access to one machine and may lock all three.

Continue reading...
 
Back
Top