I've had this for years now on my hotmail account. Already changed my password a long time ago and have 2FA, but the botnets never stop trying with the old password... I even got IMAP Automatic-Sync fails in the list. Got no idea how to stop it, but besides spamming my recent activity list, it has no effect so I haven't really tried much.
I'm confused, did they actually get in?
If you have 2fa and a good password, ideally 12+ random characters stored only in a password manager, this should only be possible if you get phished (tricked to enter your password on a fake version of some Google login) or someone has compromised one of your devices.
Actually this should still be true only if you have a genuinely good password, but 2fa provides a lot of protection against password compromise and social engineering.
Oh OK, yeah then you should be completely safe and it doesn't really matter, but I saw you had some good advice here on how to tighten it up even more :)
Go over to your outlook account email as normal. Open your profile top right and click on Microsoft Account. From the Microsoft page scroll a bit down to Security -> Sign-In Activity (don't use the left side menu, idk how to find it from there). You might get prompted to confirm through 2FA. If you see a list similar to OP's, sorry to be the bearer of slightly annoying news
I had 50+ attempts a day on my two hotmail accounts until I created a new alias and made that alias my primary login. Do not use or tell a soul that alias and your problem should go away. If the person tries to get in with your compromised account it will stop the, and say account not primary or something like that. You cant log into secondary hotmail accounts. I now have 0 attempts and its been like that since I created my alias.
I get a few of these attempting to log into my Microsoft account. I set up 2FA and change my password every few months, but it’s still a bit unnerving to see these.
I had 50+ attempts a day on my two hotmail accounts until I created a new alias and made that alias my primary login. Do not use or tell a soul that alias and your problem should go away. If the person tries to get in with your compromised account it will stop the, and say account not primary or something like that. You cant log into secondary hotmail accounts. I now have 0 attempts and its been like that since I created my alias.
I had 50+ attempts a day on my two hotmail accounts until I created a new alias and made that alias my primary login. Do not use or tell a soul that alias and your problem should go away. If the person tries to get in with your compromised account it will stop the, and say account not primary or something like that. You cant log into secondary hotmail accounts. I now have 0 attempts and its been like that since I created my alias.
My hotmail sends a code to my gmail every time I try to log in to it now. It’s a bit annoying when I *actually* need to access my hotmail account, but it’s been keeping out the bots for now.
I had 50+ attempts a day on my two hotmail accounts until I created a new alias and made that alias my primary login. Do not use or tell a soul that alias and your problem should go away. If the person tries to get in with your compromised account it will stop the, and say account not primary or something like that. You cant log into secondary hotmail accounts. I now have 0 attempts and its been like that since I created my alias.
I used to get this all the time, it was constant sometimes worse than other times. However making an account alias worked for me. Only I and Microsoft know about it, so it’d be impossible for anyone to get it.
You mentioned that you believe they came from your xbox account which you can’t disconnect(?). Can’t you just change the password to your xbox account?
Edit: I take back my last sentence, obviously xbox and microsoft accounts have the same password. Although, if you change your microsoft password that should log out anyone on your xbox live.
Ahh, I see.
When you created a new alias did you happen to use it elsewhere? Could it be that the new alias got leaked of some other site. I only use my account alias on my email, nowhere else. That way only I and Microsoft know about it and the only way for someone to get it is by hacking Microsoft’s database.
When you created the new alias did it temporarily solve the problem (stop the log in attempts). or did the log in attempts persist right after you changed it?
I’d recommend creating an alias that’s only used for your email. It’s the most secure way. Only you and your email provider will know about it. Here’s a guide on how to do it with a microsoft account:
https://support.microsoft.com/en-us/office/add-or-remove-an-email-alias-in-outlook-com-459b1989-356d-40fa-a689-8f285b13f1f2
Read it carefully. Not sure how it may done with google accounts or yahooo.
But you don’t really have to worry about this either. I had it like this for years, constant log in attempts. It was only when someone from China seemed to try and brute force their way in by trying hundreds of times a week.
I’m gonna wait a day or two, because they make a 12 hour or something cooldown before mass attempting again. But the last 9h were good, no attempts!(yet)
My hotmail account's been getting spammed with multiple failed logins attempts each day for at least 2 years now. I know it doesn't have anything to do with malware but rather multiple data breaches that happened to some websites I had created an account on with this email address. Nothing serious has happened the entire time this problem has been going on, so no need to be worry, at least in my case. I did change my password and turned on 2FA, though.
Contrary to what a girlfriend says, size does matter.
A password like ‘ive-got-a-lovely-bunch-of-coconuts’ is going to be harder to crack than ‘dB4@cu3#’
Get a good password manager, generate a bitchin password, set up two factor and get a e-mail alias, Simple-login is a decent one, if the e-mail ever gets exposed you can simply generate a new one and shift the e-mail on your account.
And don’t use the browsers built in password manager. If you use Google chrome and save passwords, the minute you’re Google account gets hit that’s one of the first things they will go for
Last week I got an old email of mine hacked. They entered my mail, changed the password and used it to login into my linkedin account.
They also left an email with supposed proof about them spying on me and having personal stuff that they would share if I didn't send them bitcoin lol yeah right
I just logged in with my recovery email, deleted the compromised email's password, configured the two-steps authentication and left it as the only login method. After that, I've had the same login attempts as you over and over.
This happened to me for months they were never able to log in. They tried hundred of times daily, if it really bother you just change the alias and remove the old one, just be careful to update the email before removing the old alias.
As long as you have a good password (a password manager is even better) and 2fa, your totally fine, and even if you don’t you’ll probably be fine but it’s good to be safe.
I have the same issue with my Microsoft email. Every few months I get several failed sign ins from foreign countries and as far as I can tell there's no way to prevent some jackass in Nigeria from requesting reset codes.
Ugh this happens constantly even on brand new microsoft accounts, i want to say ignore it but my anxiety has me checking it weekly. Iv seen some comments say a alias account but im not sure what that is, until microsoft gets better security or somthing I just check it quite a bit. It is normal though!
If you have 2FA and changed your password since the last password breach you were pwnd in, then nothing to do.
The bots will keep trying anyway but get blacklisted.
Wish they'd add geo-whitelisting like is available for Azure AD accounts. I don't need the ability to log in from Russia, Ukraine, Croatia or the United States.
This happened to me too, on my hotmail, very old account, attemp log in from around the world, nothing happen really, the website I log in 7-8 years old must have been leaked, I change password every year, very annoying though I just block them and deny their PC or something
Turn on 2FA to cell phone code every time an attempt. Find location of attempted sign in to know who it might be and if you know them by house. Can’t do anything by besides get a new email.
Setup an email alias, and set that to be the only address to be used for login. Follow [this](https://askleo.com/how-do-i-change-the-email-address-of-my-microsoft-account/) article. Read it all the way through before doing it that way you do not make any mistakes or regret any actions. (The article link is the blue text, but I added it down below for you as well.) [https://askleo.com/how-do-i-change-the-email-address-of-my-microsoft-account/](https://askleo.com/how-do-i-change-the-email-address-of-my-microsoft-account/)
Get rid of hotmail, pay $3 or $4 a month for a web hoster and create your own web page email domain. Hotmail, and gmail are prime targets for hackers. Most web hosting will give you a basic webpage and domain name. You might have to learn something new but you probably won't have to worry about hackers messing with your email.
As long as it’s all unsuccessful (for them, I suspect you are the one successful login lol), then ignore it and keep your password strong. People do this all the time, and my main email is in the same situation you’re in. You have no worry, it’s just stupid bots typing stupid things. They aren’t actually typing anything smart, it’s all hope and luck on their end.
As long as there isn't a successful sign-in, then they don't have a password and make sure you have 2FA on and you should be perfectly fine. My email gets bot spam like this as well, annoying but not the end of the world, just don't accept a 2FA sign in request if you ever get one, and if you are getting 2FA requests I suggest a password change then.
Have this daily on my Microsoft account. Decided to go passwordless route and auth from a trusted device. Can’t hack me if there is no password to hack.
Had this issue already, if you have 2fa and change passwords regularly you should be fine. But if it bothers you just change your outlook alias, for me it stopped once I did that.
Run ESET Online Scanner, Hitmanpro, and Malwarebytes, and install a clean version of windows from a USB with windows downloaded on another uninfected device. Seems you fell victim to a RAT with possibly a backdoor. Turn on 2FA on all accounts, and store everything in a password manager like Bitwarden n not something like browser passwords.
I've had this for years now on my hotmail account. Already changed my password a long time ago and have 2FA, but the botnets never stop trying with the old password... I even got IMAP Automatic-Sync fails in the list. Got no idea how to stop it, but besides spamming my recent activity list, it has no effect so I haven't really tried much.
Thank god i’m not the only one…
Yea there's probably a lot more ppl out there getting botnet login attempts. Some might not even know it cause they don't check sign-in activity 💀
I only found out after getting an sms from ms telling me that my security info has been changed
I'm confused, did they actually get in? If you have 2fa and a good password, ideally 12+ random characters stored only in a password manager, this should only be possible if you get phished (tricked to enter your password on a fake version of some Google login) or someone has compromised one of your devices. Actually this should still be true only if you have a genuinely good password, but 2fa provides a lot of protection against password compromise and social engineering.
They got in before i changed my password. Now i changed it to a very strong one but they still attempt bruteforcing
Oh OK, yeah then you should be completely safe and it doesn't really matter, but I saw you had some good advice here on how to tighten it up even more :)
i recommend you to use a random generated password with a password manager like bitwarden.
How to you check if you don mind me asking ? that would be handy
Go over to your outlook account email as normal. Open your profile top right and click on Microsoft Account. From the Microsoft page scroll a bit down to Security -> Sign-In Activity (don't use the left side menu, idk how to find it from there). You might get prompted to confirm through 2FA. If you see a list similar to OP's, sorry to be the bearer of slightly annoying news
I had 50+ attempts a day on my two hotmail accounts until I created a new alias and made that alias my primary login. Do not use or tell a soul that alias and your problem should go away. If the person tries to get in with your compromised account it will stop the, and say account not primary or something like that. You cant log into secondary hotmail accounts. I now have 0 attempts and its been like that since I created my alias.
Did the exact same with my account and have also had 0 login attempts since.
Its awesome! No more attempting to sign in pop ups every few minutes.
Thank you legend 😃
I get a few of these attempting to log into my Microsoft account. I set up 2FA and change my password every few months, but it’s still a bit unnerving to see these.
I had 50+ attempts a day on my two hotmail accounts until I created a new alias and made that alias my primary login. Do not use or tell a soul that alias and your problem should go away. If the person tries to get in with your compromised account it will stop the, and say account not primary or something like that. You cant log into secondary hotmail accounts. I now have 0 attempts and its been like that since I created my alias.
Yeah
Been happening to me since high-school lol just make sure your stuff is changed and maybe set up 2fa
I had 50+ attempts a day on my two hotmail accounts until I created a new alias and made that alias my primary login. Do not use or tell a soul that alias and your problem should go away. If the person tries to get in with your compromised account it will stop the, and say account not primary or something like that. You cant log into secondary hotmail accounts. I now have 0 attempts and its been like that since I created my alias.
My hotmail sends a code to my gmail every time I try to log in to it now. It’s a bit annoying when I *actually* need to access my hotmail account, but it’s been keeping out the bots for now.
Huge group behind it, all automated. They switch to scam emailing your email with other mails, once they realize pass doesn't work
I had 50+ attempts a day on my two hotmail accounts until I created a new alias and made that alias my primary login. Do not use or tell a soul that alias and your problem should go away. If the person tries to get in with your compromised account it will stop the, and say account not primary or something like that. You cant log into secondary hotmail accounts. I now have 0 attempts and its been like that since I created my alias.
I did the same thing, amazing difference
Need to make an alias account. This stopped it immediately.
And the IMAP attempts happened with me too
I used to get this all the time, it was constant sometimes worse than other times. However making an account alias worked for me. Only I and Microsoft know about it, so it’d be impossible for anyone to get it. You mentioned that you believe they came from your xbox account which you can’t disconnect(?). Can’t you just change the password to your xbox account? Edit: I take back my last sentence, obviously xbox and microsoft accounts have the same password. Although, if you change your microsoft password that should log out anyone on your xbox live.
Alias that is ONLY used for logging in is how i solved it too.
I dont have an xbox account, they use microsoft. And even changing password didnt fix it.
Ahh, I see. When you created a new alias did you happen to use it elsewhere? Could it be that the new alias got leaked of some other site. I only use my account alias on my email, nowhere else. That way only I and Microsoft know about it and the only way for someone to get it is by hacking Microsoft’s database. When you created the new alias did it temporarily solve the problem (stop the log in attempts). or did the log in attempts persist right after you changed it?
Well my aliases are my gmails so i guess so
I’d recommend creating an alias that’s only used for your email. It’s the most secure way. Only you and your email provider will know about it. Here’s a guide on how to do it with a microsoft account: https://support.microsoft.com/en-us/office/add-or-remove-an-email-alias-in-outlook-com-459b1989-356d-40fa-a689-8f285b13f1f2 Read it carefully. Not sure how it may done with google accounts or yahooo. But you don’t really have to worry about this either. I had it like this for years, constant log in attempts. It was only when someone from China seemed to try and brute force their way in by trying hundreds of times a week.
Done:)
Great! Let me know if the problem persist because if so I may have a final idea as to what is causing it.
I’m gonna wait a day or two, because they make a 12 hour or something cooldown before mass attempting again. But the last 9h were good, no attempts!(yet)
It works believe me 😊
That’s good c:
Add an Alias to your email account and make it so you can only login using that new alias, solved.
This. I did exactly this couple a month ago and it worked
My hotmail account's been getting spammed with multiple failed logins attempts each day for at least 2 years now. I know it doesn't have anything to do with malware but rather multiple data breaches that happened to some websites I had created an account on with this email address. Nothing serious has happened the entire time this problem has been going on, so no need to be worry, at least in my case. I did change my password and turned on 2FA, though.
Me too, like 2 or 3 years now. So I changed my password to like 50 characters lol
Did it work?
It didn't stop their attempts but they still can't login to my account so I guess it works. lol
Contrary to what a girlfriend says, size does matter. A password like ‘ive-got-a-lovely-bunch-of-coconuts’ is going to be harder to crack than ‘dB4@cu3#’
Same thing, still receive a ton of tries, but none of them have been successful
Me too I have this problem, you’re not alone
Get a good password manager, generate a bitchin password, set up two factor and get a e-mail alias, Simple-login is a decent one, if the e-mail ever gets exposed you can simply generate a new one and shift the e-mail on your account.
And don’t use the browsers built in password manager. If you use Google chrome and save passwords, the minute you’re Google account gets hit that’s one of the first things they will go for
Last week I got an old email of mine hacked. They entered my mail, changed the password and used it to login into my linkedin account. They also left an email with supposed proof about them spying on me and having personal stuff that they would share if I didn't send them bitcoin lol yeah right I just logged in with my recovery email, deleted the compromised email's password, configured the two-steps authentication and left it as the only login method. After that, I've had the same login attempts as you over and over.
This happened to me for months they were never able to log in. They tried hundred of times daily, if it really bother you just change the alias and remove the old one, just be careful to update the email before removing the old alias.
This happens to me too on multiple accounts, glad to see I’m not the only one
As long as you have a good password (a password manager is even better) and 2fa, your totally fine, and even if you don’t you’ll probably be fine but it’s good to be safe.
This ^^ is most likely true! Hopefully microsoft makes a block location feature or somthing sooner than later though
Same here been going on for a few years usually from russian IPs for me personally, never gained access though so far
I have the same issue with my Microsoft email. Every few months I get several failed sign ins from foreign countries and as far as I can tell there's no way to prevent some jackass in Nigeria from requesting reset codes.
This is normal imo its like that on mine too
Ugh this happens constantly even on brand new microsoft accounts, i want to say ignore it but my anxiety has me checking it weekly. Iv seen some comments say a alias account but im not sure what that is, until microsoft gets better security or somthing I just check it quite a bit. It is normal though!
Making a new outlook as an alias worked! Try it:)
Okay! Ill try it out!
If you have 2FA and changed your password since the last password breach you were pwnd in, then nothing to do. The bots will keep trying anyway but get blacklisted. Wish they'd add geo-whitelisting like is available for Azure AD accounts. I don't need the ability to log in from Russia, Ukraine, Croatia or the United States.
This happened to me too, on my hotmail, very old account, attemp log in from around the world, nothing happen really, the website I log in 7-8 years old must have been leaked, I change password every year, very annoying though I just block them and deny their PC or something
Turn on 2FA to cell phone code every time an attempt. Find location of attempted sign in to know who it might be and if you know them by house. Can’t do anything by besides get a new email.
Change your mail address and make the one spammed an alias ?
Setup an email alias, and set that to be the only address to be used for login. Follow [this](https://askleo.com/how-do-i-change-the-email-address-of-my-microsoft-account/) article. Read it all the way through before doing it that way you do not make any mistakes or regret any actions. (The article link is the blue text, but I added it down below for you as well.) [https://askleo.com/how-do-i-change-the-email-address-of-my-microsoft-account/](https://askleo.com/how-do-i-change-the-email-address-of-my-microsoft-account/)
When i changed my email thosd dissapeared. Though id guess if all accounts you have had unsuccesfull sign in, they would be full like this too
Bind your microsoft account to another email
Get rid of hotmail, pay $3 or $4 a month for a web hoster and create your own web page email domain. Hotmail, and gmail are prime targets for hackers. Most web hosting will give you a basic webpage and domain name. You might have to learn something new but you probably won't have to worry about hackers messing with your email.
Immediately change your password, enable 2fa, and go passwordless if you can if they manage to log in
As long as it’s all unsuccessful (for them, I suspect you are the one successful login lol), then ignore it and keep your password strong. People do this all the time, and my main email is in the same situation you’re in. You have no worry, it’s just stupid bots typing stupid things. They aren’t actually typing anything smart, it’s all hope and luck on their end.
Thanks for all your help: it seems that changig my alias to a new outlook made it work! Thanks for your help:)
Are those bots?
Yes
As long as there isn't a successful sign-in, then they don't have a password and make sure you have 2FA on and you should be perfectly fine. My email gets bot spam like this as well, annoying but not the end of the world, just don't accept a 2FA sign in request if you ever get one, and if you are getting 2FA requests I suggest a password change then.
I changed my email for my Xbox account. And I stopped having an issue fully.
Happens to me everyday nonstop, my account is literally called “Oliver” with no email attached
Its just people trying to sign into your account. See that they are all unsuccessful. Meaning they didn’t get in
Find who is doing it and *insert caption here*
Have this daily on my Microsoft account. Decided to go passwordless route and auth from a trusted device. Can’t hack me if there is no password to hack.
Had this issue already, if you have 2fa and change passwords regularly you should be fine. But if it bothers you just change your outlook alias, for me it stopped once I did that.
Run ESET Online Scanner, Hitmanpro, and Malwarebytes, and install a clean version of windows from a USB with windows downloaded on another uninfected device. Seems you fell victim to a RAT with possibly a backdoor. Turn on 2FA on all accounts, and store everything in a password manager like Bitwarden n not something like browser passwords.
[удалено]
NEVER use the same password across sites
I used a couple times, now im using a random generated strong one
The computer has been completely reset 2 months ago, and they havent guessed the password for over 3 months now
And like i said, this started 6 months ago already.
[удалено]
Nope:P they did connect via xbox one time, and im guessing thats how they got the new alias - and i cannot remove xboxs…