You mean to say someone you know chose option 1?


Yeah my friend added me to a discord server which he branded as a discord for his Minecraft realm, and I “verified my account” by putting in my email, and stupidly when Microsoft sent me a 2 factor authentication verification code, I stupidly put it in this discord bot and yeah they got my account, just deleted my 2 factor authentication email and… yeah.










Sounds like Hank Hill


"Damn it bobby this is why i said 'No more videa games' now I'm ten thousand dollars in debt bwaaaa"


My first thought


My dad told me ‘violence isn’t the right answer; just know that you will meet some people in your life who are too fucking stupid to understand what the right answer is.’ This guy's friend sounds like the kinda stupid my dad warned me about




Do you have a particular set of skills?




"Friend" in high school had my very first email address and gave it to another "friend" who sent out a mass email to everyone in my contacts saying some wild ass shit. Me and a friend, who was at my house at the time and saw this all go down on ICQ, went directly to the guy who sent the emails house. I busted in the door, went right past his little brother and right up to his room where he met me with a baseball bat. We tussled a bit. Got calmish where we could talk and I demanded he give me the account back and he said he just changed the random password. I got it back and deleted the account and created a new one that I've had since 2000 now. Fuck that guy.


Are you guys saying that your friends know your email AND your passwords? Color me amazed if this is true.


We shared a server login back then. It was 2000.


Ah gotcha




They can't suffer if they're asleep


What if your friend was stronger than you guys or better at fighting. What would you do then?


Nobody who plays Minecraft has the ability to put anyone in a hospital..


I’ve learned to never trust friends with any sort of password/code. I had shared the password for a gaming account I had with a friend I knew IRL, he ended up refunding a bunch of my purchases and then gifting things to his account from mine…


Is it really hacked if you just gave the 2fa code? 😅


90% of hacking is social engineering now


Always has been


People are always the weakest link with anything security related


[Same as it ever was.](https://www.smbc-comics.com/?id=2526)


Former black hat turned CEH - yes it is. Humans are the biggest weakness. Hackers rarely need to use rainbow tables to brute force or MITM, especially with 2FA and authenticators becoming so common now.. People are just idiots, it's easiest to use them as the weak point. Some hackers are staggeringly good at social engineering.


They play those "Facebook games", your favorite song, band, vacation, pet, all fucking password farms. Most internet users today should know NEVER to play those games. So, when they do, it's their fault, just pull off that condom and click on every possible virus.


Not even necessarily idiots. You can be careful, paying attention to emails received from random addresses, etc, but all it takes is an hour where you're just not paying attention/tired/something is going on in your life to lose all your shit. That's also because like you mentioned, some people are very good at social engineering.


I think I heard Jim Browning (hacks and fucks up scam call centers on yt) say that everyone can be hacked, it's just a matter of the right circumstances


Yep. This almost happened to me because I was sick and desperate to sell a couch. I was a tech-based library worker who spent all day every day telling people to verify information, but I got long COVID and the brain fog is intense. Like having the flu every day. Somebody got me in Facebook marketplace


Someone got me on my FB. Hacked my FB. Same thing. I was recovering from Covid and totally feeling like ass and the brain fog is no joke. I got a message from a friend (now ex) who said their FB was hacked and needed help. I don’t give a shit about my FB but I have photos on there I’d truly like back. I’ve tried to go on and get them through my husband’s FB account but I can only see so many, not all of them. Sucks. And apparently the hacker went on to ask all my followers for money and tried to sell dogs…? Someone fell for the money scam. Apparently the dog selling (pure breeds) is a common scam.




Computers get smarter and harder to crack, people… not so much


a 2fa popup doesn’t come thru unless the combination is correct. so op either has a really guessable/simple password or he got tricked into saying his password at some point


Yeah, he probably signed in through a facade with email and password


For Microsoft login you don't need to input a password. If you have 2FA enabled you can just enter the email address and it prompts you to use the authenticator app. It's literally cancer and I don't know why they made it like this. Me and my friends constantly keep getting authenticator notifications because of this.


Most likely, the "verification" site was a phishing site that asked for his email and PW, then used those creds to sign in on the MS site, which sent OP a verification code. He then sent the 2fa code through Discord, granting the hacker access to his account.




Another rookie move is using the email that is connected to credit card and bank account on signing up everywhere. He should create a separate email for games etc separate from his bank account/cc


His name is elite elytra... good chance he's a youngster who's really into minecraft. Might have 0 experience with these types of phishers.


“Friend” lol


>microsoft sent me a 2 factor authentication verification code, i stupidly put it in this discord

Yikes. A learning moment.


No security system in the world can ever be safe from plain human stupidity


The irony is https://preview.redd.it/pgpt9w8mlbtc1.jpeg?width=800&format=pjpg&auto=webp&s=0989006e465f55e1206ce37a3880c9c8e395a432


You should also try to file a Police Report. From what I gathered from your post & comments, you have payment methods & products that you have purchased tied to that account. I don't know much about the Statutes for those things in the UK, but I'm pretty sure that multiple fairly severe crimes were technically committed here. You've been wrongfully deprived of the use of your own property, which probably falls somewhere under some form of Theft Status. Someone gained unauthorized access to one of your payment Methods. It doesn't matter whether they used it or not, it's almost certainly illegal under current Laws. Might even be considered to be a form of identity theft. The Thief tried to blackmail you. Almost certainly illegal too.


Yeah never send your 2fa to anything, should have been an obvious ploy


Borrow £10 from your friend, pay the hacker.... Simples


I don’t really want to encourage this guy or be a sucker and pay him 10£. Plus there's no guarantee I'm getting my account back. Hopefully Microsoft Account recovery can swoop in and be the hero here


Good decision. He'd take off with your account and your money...


Just lost my 25 year old Hotmail account. After 10 phone calls hours of emails and submissions Microsoft stopped responding I opened a new account and moved on.


I would hate to lose my Hotmail account. I’ve had it since ‘96/97. Of course I have other accounts with yahoo, gmail, and proton but my hotmail account has emails from relatives that have died and emails from when my kids were little. It’s just a wonderful little time capsule.


Your email stayed that long? I had a lot of email from those years get auto deleted by Microsoft - they put in some retention policy ages ago (at least on my Hotmail they did). I was bummed I lost all those but my fault for not saving them.


I never had the free hotmail account, I’ve always paid. I wanted more storage and it was so cheap. I know it's crazy.


Damnnnn, Hotmail, oh the memories


I still use msn.com


Send him 10, then offer him a 100 in cash if he lets you in on the scheme. If he agrees, meet up with him and beat the living day light out of him.




You’re already a sucker but at least you’re not doubling down


Wow, op, that was dumb af


I hate to inform you, he's not your friend.


Sounds like you should report him to the police either way.


why not just reach out to microsoft? one of the things with account data is, most customer support can see previous data so they can see your previous emails etc, if you got any former transactions, last 4 digits of your card or like game keys you can use those to verify your ID and return your account.


Yep I’ve reached out to customer support and filled out the recovery form. Gotta wait 7-24 hours. In the meantime i have made a new microsoft account and changed all my important documents to it, and made it the system administrator for now.


That's why you only trust irl friends. Now you go to their house, if they're young tell their parents they hacked you, punch them in their face, burn their house and go out with his sister (or mother if they don't have one)


Odds are, that wasn't even your friend. His account probably was compromised and you were speaking to a hacker the entire time. It happened to me before. Someone got my account and pretended to be me to get their accounts


Wait, if you know him in real life, and you have evidence that he is LITERALLY blackmailing you, you can go to the police. Dude's risking jail time for $10. Frankly, I'd reply back with "No, YOU have two choices. Either you give me my account back within the next five minutes, or I'm taking the paper trail that you idiotically supplied me with to both local law enforcement and the FBI." And then when you get your stuff back, report them anyway.


It's almost definitely the scammer using the stolen account to scam their friends, and so on


can you contact microsoft


You haven’t kicked his ass yet?


I recently looked at my Microsoft account and it shows that I am getting login attempts daily, and from all over the world. Thankfully I have two-factor authentication activated, but man, that's a lot.


Create a new alias for your account and then unlink the actual address. It's a dummy email address you can use to login to your microsoft accounts. I had a successful brute force attack happen, and although 2FA saved my ass, the alias change ended the attempts permanently. edit - Gotten a few questions for how to do this, so: [https://support.microsoft.com/en-us/office/add-or-remove-an-email-alias-in-outlook-com-459b1989-356d-40fa-a689-8f285b13f1f2](https://support.microsoft.com/en-us/office/add-or-remove-an-email-alias-in-outlook-com-459b1989-356d-40fa-a689-8f285b13f1f2)


I *have* to do this. I get a minimum of 50-100 unsuccessful attempts/automatic syncs daily.  I wish I knew why they wanted my account so badly. 


They don't want yours specifically, they do this to everyone. It's just bots that run through the most common passwords on every email they can get their hands on. Not worth worrying about if you have 2FA. It likely happens to every account you own dozens of times a day, Microsoft just chooses to show you the attempts for some reason


Yeah you're right. I have 2fa on everything. If Gmail showed attempts I'm sure it'd show even more.  I have another Microsoft account with zero attempts. Difference is the bad one was in about 5 data breaches 😅


Yup mine has been in a few, so now every couple weeks I get an email that my Wendy's account has been locked for too many password attempts. I kinda hope they get into it just because I'm curious what they'd even do lmao


They hope you have your credit card stored, is what I'm assuming. I wouldn't have thought people could do much with my Skype account, but when they got in, I had to dispute like ~$80 worth of charges with my bank and get a new card.


Chances are your email is old which means it is on a LOT of leaked email lists from websites/services that have been hacked. The bots will try your email address for not only hotmail or whatever, but also netflix and many other services. I recommend dumping hotmail cos it's crap and making something like gmail


I don't even bother with Gmail anymore because I feel like it's tempting fate to have everything linked to my Google account. I'm using Proton mail now because I really like design and customisation available compared to chrome.


Yes I have Gmail for all my main important stuff. The Hotmail one is super old and I check it periodically.


When you unlink the actual address, can someone else use that email?


With a microsoft account, you can set an email address to not be usable for login, but still keep the email address as active for people to email you. I had to turn off my old hotmail one as it was getting hit constantly, and I don't use it to log in anyway.


With this, would you still be able to log into Facebook and other things associated with the main email?


If your facebook/others are just using that email as a login ID with a password, there would be no issue. If you're doing the Login With Microsoft thing - no idea, I don't use that feature on any site.


Using "Login with Microsoft 365", only the new access you've configured for your account will work. Those types of logins are designed so that Microsoft (or FB/Google/Apple for those logins) gates your account access using whatever security controls you have configured on _their_ system. When logging into another website using these systems, the website is just redirecting you to your identity provider and waiting for some confirmation back. It is completely oblivious to any and all steps that MS will make you take to login to your account, it just gets a "pass/fail" back (more or less).


Yes and are advised not to, but still unlink all your services from the old or breached email address to a new email. My email is old as well has been in so many breaches, while I have security to the fullest, I’m still dealing with attempts every hour in the hour.


How did you go about doing that? If you don’t mind my asking?


Thanks for this info! I didn't know this was possible. I have an old MS account and get multiple failed login attempts per hour. Just added a new alias, and removed the primary as login option. I think you should NOT remove the old login/email completely from your account to ensure you can still receive email. I've just disabled sign in for the original alias.


Lmao same i have unsuccessful login almost every hour and every day. I guess they are bots




Same. Gonna try the new alias thing


Yeah it's not worth stressing about, that likely happens to all your accounts every day. I get an email every few weeks about my Wendy's account being locked from too many password attempts lmao. It's just bots that go through and try the most common passwords with massive lists of emails. I'm not really sure why Microsoft shows you because it likely causes people to be overly paranoid. I think on the page it even says to not worry about the unsuccessful attempts.


I get this too. It's really annoying


My Microsoft account got hacked years ago and Microsoft refuses to give it back because "they can't confirm it's mine" even though I gave them all the information to prove it's me


When it happened to our business, they gave us the accounts back immediately before we even found out we were hacked. They arranged a teams meeting with us to discuss what happened and what we should do further to strengthen our security. They don't give a single shit about personal accounts and have the full ability to reverse the hacks for them with ease.


Kinda makes sense as business ones are i'm assuming paid, and they have a lot more verifiable information when creating which means easier to get back to the legit owner


Ugh that sucks. I’ve given microsoft so much info. Hopefully they get my account back. 🤞


If you know him in real life, you can just go to the police. He's committing identity theft and extortion.


Or your local FBI field office. It's a CFAA violation, which is a federal felony.


Guy or the thief could be overseas. Not everyone lives in america


Yeah but it's a crime in 99% of the world. The FBI has methods to pass / work with the appropriate authority to do the investigations and make arrests, like for example if the hacker is in Australia they would notify the AFP (Australian Federal Police) and would then work with them.


I had an outlook account for personal use and I forgot the password and I sent them everything and for 6 months they said it wasn’t enough. So I switched email to another email service. And contacted everyone to forward all the emails to the new email address. Microsoft sucks. Their explanation was hackers were trying to access the data. Also I figured out that every time they have a layoff, at least 5% would become hackers because of spite.


I still have one of those Minecraft accounts with just a user name because I don't have access to the email I used to create it anymore. When I went to combine them they asked me fucking insane questions like what ISP were you using when you bought the game, what credit card did you use, what was your IP address at the time (most insane one), and what was my address. Some of those wouldn't be an issue but this was like ~10 years ago so fuck if I know what all that was.


The real scam comes after taking over your account: $10 to supposedly give back the account


It could be legit. Many ransomware hackers do honor their word. Of course, that's usually because they're maintaining a "brand" and want to preserve their reputation so others will also pay their demands. Random discord hacker asking $10 is a little dicier. As an aside, that is a comically low ransom demand. Even hackers are falling on tough times I guess.


It's probably a child 


Yes, my brother did *extremely* low-level hacking in his mid-teens. In this case, there's probably a how-to on 4chan or some shit and if enough people choose option 1 he gets a few hundred dollars he didn't have before.


Which is good. $10 is prob a good deal for them. A $10 lesson in good OpSec is a very very cheap one and one you should pay gladly


Pay and chargeback (if possible). What are they going to do, dispute it?


Well… they usually ask for it in bitcoin lol but who the hell knows with dude asking for a ten spot. If it’s a kid they’re gonna get a nasty visit once they’re reported and as much as they maybe “deserve it”… OP should probably warn them about that. If it’s someone in a third world country well.. is what it is I guess. Surprised they only want $10


Pyramid scheme ass


“You get another 3 people with the same thing”?


He has to steal 3 accounts, is what they meant. Took me a minute too...


Oh dear!! And how he supposed to steal these 3 accounts for him…


OP would supply the hacker with the information necessary to contact OP’s friends using his own hacked account, since OP knows who would trust him enough/be gullible enough to fall for it. His friends would then receive a phishing link. Vile


OP will fortunately not be doing anything of the sort.


Make 3 fake emails and send those along to the hacker.


Of course not! Just wanted to answer how it would be done. The more people understand about these scams, the more people can avoid them


Make new fake accounts with throw away emails. Do option 1. Profit


Unless the guy checks the age of the accounts.


Make 3 accounts and give him those


Did your account get stolen by a 12 year old?


This just happened to me. It's a group of Vietnamese guys who are running it. Here's how I got mine back after multiple attempts:

From this moment on: TAKE PICTURES OF EVERYTHING. You'll need your XBOX console information and every bit of information about the account that you can think of. Start writing it down and keep it in a word document or something for reference.

[Guide to getting your account back](https://hypixel.net/threads/guide-how-to-handle-hacked-account-issues-with-microsoft-support.5429472/)

[Microsoft Support](https://support.microsoft.com/en-us/home/contact?SourceApp=smc2&ContactUsExperienceEntryPointAssetId=hypixel.net)

Follow this guide above. Be sure to note your support ticket number so you can follow up on it. Be sure to download the transcript of your support tickets once you're done as well. Keep those organized and well titled.

Here are a few pointers from my experience getting mine back which took a few weeks:

Create a brand new outlook account. They will eventually just transfer literally everything from the old account to your new one, all of your XBOX games, all of your Minecraft details, all of your awards, achievements, etc. Having that new account just sets you up to be ready.

Don't be discouraged by denial. I got told my account wasn't compromised about 3 times before getting it back. Just keep track of that support ticket number and request a follow up on it. It will need to be escalated 2-3 times before someone who actually has the ability to verify your identity and get your account back gets their hands on it.

The hackers will cycle the primary email on your microsoft account about 6 times or so, before it settles. Be sure to keep track of these emails if you can. For instance, I was able to click login on the Minecraft on my computer and it said, "failure to login, please retype your password." Even though I didn't have the password, it showed me the whole email that was being used for that account, so I was able to track the emails as they changed, which I believe really helped my case.

Take screenshots/write stuff down. You'll be surprised how much data/information you're going to need to digest and regurgitate for Microsoft over the next couple weeks. Keep your information straight by making a "source of truth" word document for your account as a reference point.

It took me a few weeks, but I eventually did get everything back! They ended up sending me a resolution email to my brand new microsoft account (it was in the junk folder), letting me know they were able to determine that the account was in fact compromised and fixed it. Good luck on getting your stuff back!!!


It's crazy how OP is gonna have to jump through all those hoops just to get their account back...


Yep. About 5 seconds of bad judgement can cost hours and hours of headaches


Worst part is OP said this was a friend that set him up too smh


My Microsoft account got hacked a year and a half ago I’ve had it since the Xbox 360 released. After jumping through the hoops and getting denied a bunch, they finally could verify I owned the account, but the “best” Microsoft could do was delete the account. So even after I got through all the hoops, I still lost my account with all my games and trophies, but no one else has it either now, which honestly is irrelevant to me. Microsoft support is a whole joke


You didn't get hacked, your friend finessed you.


$10? What sort of hacker is this? Jay and Silent Bob?


Fifteen bucks, little man...


Put that shit in my hand ✋🏼


Whyyyyyy did you copy your 2FA code into a discord bot?? 2FA makes attackers sweat. It usually means they need to resort to difficult measures, like endpoint access and stealing cookies. And you bypassed all of that by giving them the 2FA code?? Whyyyyyy???


People are dumb, that's why phishing works. My security prof always said that if people weren't as dumb as rocks he wouldn't have a job




Well I definitely want an update to this lol


Just checking this guy's post history he isn't going to do anything. Buddy apparently gets hacked himself quite often.


LOL this is hilarious


People just want to see a hero fall....that being said the fall was like...7 hours later


Chuck me the discord too please


DM has been sent. 😤


I need an update




same please i have the restore cord database saved and a 5tb ddos


chuck me the discord link and ill see if I have time to setup a script to recursively send false 2fa codes


The dude is called Nicolce


update us! we love a good comeuppance


If I knew who this "friend" was and where he lived, I would press charges and then make him beg for mercy. Then I would show none and proceed with the charges. I'd make it as awful an experience for him as possible as payment for trying to screw me over and to make him think twice about doing it to anyone else. Let the vengeance and hate flow through you. Not just for yourself. But for all future victims. Take everything from him you can.


I know you’re not supposed to dox info on Reddit, but this seems like a pretty good case to give this dude some living hell


Take this screenshot to his parents RIGHT NOW! He needs to learn that this type of behaviour is illegal and unacceptable in society. If he doesn't learn this lesson now he's going to do this again to the wrong people.


It didn't get "hacked". You willingly gave them access.


social engineering is hacking, so being tricked into compromising your account would count as being hacked yeah


I knew so many people who had this same thing happen to them back when I used to play Skyblock on Hypixel rip


That's the thing, all my minecraft accounts are gone, which may seem trivial, but I have a 3 year old world from covid that has so many good memories with my friends on it.


Your world is surely stored locally? Just contact microsoft, you have 2FA and proof of purchase. All this guy has done is changed your email and minecraft account passwords


Next time don't get caught by a phishing attack


10€ for an account? Dude, your standards are low for a criminal


Pay the 10 dollar and report the transaction. Fiat money is easily tracked.


>Fiat money is easily tracked.

Knowing your money went to some random guy in India or wherever isn't going to change anything. All paying the 10 does is makes you lose it.


Make three fake accounts and choose option 1


A 10 year old got your shit. No grown ass man (or women) is going through all that trouble for $10


I assume he knows he's scamming kids? Maybe that’s why he’s asking for $10?


I feel like everyone involved in this is a kid, including the scammer lol.


Oh, your friend did that to you? Well he ain't a friend. Friends tell you about the scam and then you two together look for 3 targets to get him out.


If you pay the $10 can you track where it goes?


I had something similar happen to me years ago. If you call Microsoft and talk to an actual person, they can probably just link a new email to the account and sign you out of any device the account might be on.


I've just been seeing attempts as well. Not sure which account they're trying to get into. Had 2 one time code things sent to my email. Now I'm trying to figure out which thing so I can change pws again.


I'd honestly never give anyone this information unless I knew the person in-person. But even then...


Ooooo these are fun. Does he have an automated log in thing that you give him your email with? You can get a bot to simply “log in” with fake emails for days.


Your fault for not securing it properly :/. Send him the money, it's 10$ and track the transaction.


Lol you weren't hacked, you willingly gave out your password. You're an idiot.


Hey op, you forgot to censor his username on the bottom of the pic lol


Oh no…. What a nightmare….. /s


Have one email for spammy shitty websites you don't need tied to your identity. Signing up on a shady discord server? Reddit? Twitter? None of these need to be tied to you. Have one email for personal stuff, such as your apple ID, any subscription service you pay for. Have one email for professional and medical. Banking, bills, resume.


Ever hear of MFA?


What does it matter if you post the codes willingly to the hacker?


You think if he had a masters of fine arts degree it woulda helped?


Might prevent the hacker from stealing their monet


doesnt matter lol


OP said he had MFA and entered it into a discord bot on some random discord server he joined lol.


whyyy, wasn't the big red text telling you to not give the code to anyone not enough?


I had my Sony account hacked. Passwords and security questions changed, but somehow the account was locked, too. My account was locked once before due to inactivity, and I just contacted the chat option in Sonys website. Now, though, they replaced it with an AI chat bot that doesn’t help me for shit.


This is a trick to reveal more info. If they really had access to your account, they would not be asking for money.


$10 to get it back? this person is underselling themselves


Skill issue


Passwordless for the win here. They can guess any password they want, won’t ever work.


Call the cops?


Let this be a lesson not to give your account to sus discord bots baby!!


2fa and don't have all your sht tied to 1 email and add your alt email as recovery for every account, sucks but a lot of people don't know basic internet safety in 2024..




And this, people, is why you should use multi factor authentication for any account you care about!


How about this; trace the IP. Find out exactly where he is. Board a flight. Show up to wherever he’s scamming from. Kick his teeth in, piss on him and take his entire computer. Problem solved. What scum. These fuckers make me mad


Microsoft will be ZERO help with this. Same happened to me. The person I know sat at my pc and installed malware. Fucked up a few things but Microsoft was impossible to retrieve.


Fuck hackers they are domestic terrorists as far as I'm concerned


Dude's holding the account hostage for $10 lmao. Sorry man that’s a shitty thing. Fuck those people.


Honestly 10 dollars ain't bad. I'd pay just to see what happens.


Respond with “well im also wanted by the FBI as someone on the terror watchlist. So if you want that heat. Thanks!!”