Fortinbras
Member
Yesterday I got a text message from Microsoft that informed me about suspicious activity regarding my Microsoft account. I immediately logged into my account and noticed that someone in China had logged into my account successfully the day before.
Thankfully nothing was changed. I updated my password and checked if any money was missing. There wasn't.
I was surprised because I always used unique ID/password combinations and I didn't use the same passwords on different services. For some services like Xbox I use an email which I don't use anywhere else. I always enable two-factor authentication if available. Both my Microsoft account and my Gmail have been secured with 2FA since the day Google and Microsoft started offering these security options.
I started looking through the whole activity log and noticed several failed login attempts in the last two weeks. The hacker never used my email (Microsoft ID).
I searched Google and saw that this has been happening to Skype users since August.
Simply put, it is possible to log into a Microsoft account via a Skype alias, bypassing 2FA completely.
This can happen when your Microsoft account is linked to a Skype account. All the old Skype login information still works after the accounts were linked. To secure your Microsoft account you have to deactivate your Skype alias manually.
The Verge explains it better:
http://www.theverge.com/2016/11/8/13561024/microsoft-skype-baidu-linkedin-hack
Even after checking my emails on haveibeenpwned.com I have no idea how someone got my Skype login.
I don't even know what to say to this. I guess: Check your accounts!
EDIT: Go to
https://account.live.com/Activity
If there's something suspicious, read the Verge article.