
Who Tried to Hack Your Microsoft Account? - ddmma
http://www.7tutorials.com/who-tried-hack-your-microsoft-account-when-where-did-they-succeed
======
Metrop0218
I highly recommend enabling the two factor authentication feature. I got my
account targeted by some botnet and was breached several times regardless of
how ridiculous my password was. Of course, this all stopped the moment I
started using two factor auth.

~~~
NamTaf
I've got some Chinese IP trying to log in to my account every 4 or 5 days at
the moment it seems. Prior to that, it was a Japanese IP every few days for a
couple of weeks.

Two factor auth. via my mobile is great.

------
com2kid
Well that was amazingly useful. Someone had guessed my PW and was logging in
regularly from a Windows CE device in Denver.

Very odd and confusing. Scary since my Skydrive has all sorts of personal
stuff in it.

2 factor is awesome, but I always fear losing access to my account. Basically
it means that if I don't have my smartphone on me, I have no way to check my
email except on pre-authorized computers.

This is of course the point but it also means if I am traveling and I lose my
smartphone, I have no way of contacting anyone that I know. I would be
completely lost in the world and unable to reach out to anyone for help.

Of course there is the recovery code, which I have a copy of in my wallet, but
that does me no good in a "traveling through city, get mugged" scenario.

It is scary how reliant we are upon technology. :(

~~~
justsomedood
Check the IP, if you are windows phone and your phone is syncing with exchange
via the cellular data network your IP may be showing somewhere completely
different than where your are. Check the owner of the IP and you'll probably
see that it's your cellphone carrier.

I see the same logs, but in Washington and the IP is T-mobile's (my provider)

~~~
com2kid
Some of the activity logs show "activesync", which I assume is my WP. Other
log entries show logging in from Windows CE devices, which is very strange.

But yes, "datacenter" was the first thing that popped into my head.

Then of course there were the constant failed security question checks coming
in at a rapid pace. I pretty much assume those are dangerous. I changed my PW
to something insanely long with lots of nice junk in it and added two factor
on top of that.

------
chadgeidel
Interesting. I'm in Colorado and last night I got regular (once every half
hour) logins from "Exchange ActiveSync" in San Francisco.

Is it possible one of my (many) Live apps is doing this through an endpoint
there?

[edit] I don't think justsomedood's post
([https://news.ycombinator.com/item?id=6928806](https://news.ycombinator.com/item?id=6928806))
applies to me , all my devices were on my local network last night. It's a
good thing to check though!

I've just enabled 2-factor auth, so hopefully I've removed the issue.

~~~
chadgeidel
For anyone who hasn't set up 2 factor auth - you can use Google's app as
described here:
[http://www.hanselman.com/blog/SettingUpTwoFactorAuthenticati...](http://www.hanselman.com/blog/SettingUpTwoFactorAuthenticationForYourGoogleAccountANDMicrosoftAccount.aspx)

Much better than Microsoft's guide IMHO.

------
kabdib
Needs work

\- I have a sea of successful logins. Finding a bad one in the past looks
hard.

\- Location info for successful logins just says "United States", and should
be more detailed up front.

Otherwise, a nice feature.

~~~
wonderzombie
I suspect it's because the usual threat model is "overseas attacker" rather
than "attacker one state over."

That said, if it's by IP, I don't see why they couldn't localize it closer, at
least to an approximate state level.

------
HeXetic
I have Skype on my phone and the log is filled with that app logging in all
the time (looks like every 10 minutes!), which makes this kinda useless. It
would be nice if the UI had a way to trim that list down somehow. e.g., group
by country, filter by successful logins.

------
null_ptr
So if I have a random characters + numbers password that's reasonably long, do
I actually have anything to worry about? Microsoft and Google don't allow
brute forcing through their web login interfaces, do they? I keep things like
IMAP and POP disabled.

------
johnny_reilly
Terrifying - it's a shame the "Learn how to make your account more secure"
link is broken.
[http://go.microsoft.com/fwlink/p/?LinkId=324395](http://go.microsoft.com/fwlink/p/?LinkId=324395)

~~~
com2kid
Works fine for me now, link followed in both IE11 and the latest FF build. FF
was logged in, IE wasn't.

------
fallinghawks
Thanks for posting that. I keep a throwaway hotmail account but it's the
principle of the thing.

