Like the title says, I’ve got yesterday an email with a code to access my Microsoft account and that made me suspicious because I wasn’t trying to login to my account. When I looked at the login attempts I saw that someone else was trying to access my account, I changed my password, activated TFA. Thinking of going through and buying a physical key like yubico to further secure my account. Any tips are appreciated.

  • Transporter Room 3@startrek.website
    5·
    9 months ago

    I got a notification from my original Xbox account from 2008 saying someone had managed to crack the password and needed the 2fa code.

    I went to check on sign in activity and holy shit I knew that email account had been leaked long ago but I was not prepared for dozens to hundreds of sign-in attempts EVERY SINGLE DAY, from all over the world (at least I assume places that are popular VPN outlets)

    That account doesn’t have a single thing on it. No games, no cards, it was never even connected to the internet except the rare occasion when I was at a friend’s house. And I don’t re-use passwords except on throwaway accounts. So they would have been quite disappointed by it.

    But just to be sure I changed the password again on all my big accounts or accounts with cards attached just in case.