Recently I got two emails from the Microsoft Outlook team saying they have detected something unusual about a recent sign-in to my Microsoft account. The emails advised me to change my password if this was not me. When I looked up my account, the following IP addresses were used to attempt to log in:

157.56.237.101 = successful sign-in
157.56.244.37 = security challenge
157.56.234.5 = security challenge

After a little research I found out that all these IP addresses belong to Microsoft. Now I have two questions:

Why did they fail to log in to my account at their first attempt?
What information, if any, do they have about my account, as it seems that the login was done after entering the security challenge question?

Or, is this another person using a Microsoft IP address? Thanks
It is perhaps someone trying to log into your account, not Microsoft. I would change my password and security details just to be safe and I would advise you to keep in touch with the Outlook team just to follow up on this.
Yes, I am using my online account to log in with two laptops having Windows 8.1. Both the laptops are synced together using OneDrive. But I live in Canada/Toronto and these IPs are from Microsoft Corporation (Redmond etc.). And after some failure, the login was successful. During the last two weeks or so the Outlook account never asked me about my security challenge question, but the log of my recent activity shows that I was posed such a challenge.
I would contact the Outlook team and see if they are implementing new security features. Show them what you have shown us, the IPs etc.
I wouldn't worry about it. Probably nothing more than the NSA, FBI and CIA logging your every move. (You know how sneaky those Canadians are). Toronto you say? You must be hanging out with Rob Ford.
This occurred to me as well when I set up my Outlook.com account in Outlook 2013 and (accidentally) didn't provide it with an app keyword but my normal login information (I use two-step authentication). Since the IPs belong to Microsoft, it probably means nothing. Looking through the logs on account.microsoft.com, these issues occurred to me with servers in Seattle and Amsterdam in the past, both locations of GIX internet exchange points. It might be that it was because of high traffic reasons that you were redirected to a Microsoft server in another location to serve the login request. Did you get the mail after a login attempt?
I did some research on the topic too and believe that your explanation is correct. I used two-step authentication for my two computers to fresh install Windows 8.1 update 1. Both attempts were successful the first time whereas the log shows some unsuccessful attempts. Those log entries might not be correct because of heavy traffic at Microsoft servers. Now I have a very small issue about this scenario: Why did they send me an email like this:

"Microsoft account
Unusual sign-in activity
We detected something unusual about a recent sign-in to the Microsoft account (email address removed). To help keep you safe, we required an extra security challenge.
Sign-in details:
Country/region: United States
IP address: 157.56.234.5
Date: 4/2/2014 9:55 PM (EST)
If this was you, then you can safely ignore this email."

I believe that Microsoft could have sent this email by error.
I think it could be because there were multiple logins (or login attempts) in a short time frame from distant locations (in my case Netherlands and Germany), and that's the reason for the security challenge and the informational mail. Since you cannot be in two different places with hundreds or thousands of kilometres in-between from one minute to the next, the system rated this as "unusual" and informed you about the activity.
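
The "cannot be in two places at once" heuristic from the last reply, sketched as an added example (not posted by anyone in this thread, and not Microsoft's actual detection logic). The events, coordinates, 50 km same-area cutoff and 900 km/h speed ceiling are constructed assumptions.

```python
import math
from datetime import datetime

# Constructed sign-in events: (timestamp, geolocated city, lat, lon).
# Coordinates are approximate city centres, not real account data.
EVENTS = [
    ("2014-04-02T21:40:00", "Toronto", 43.65, -79.38),
    ("2014-04-02T21:55:00", "Redmond", 47.67, -122.12),
    ("2014-04-03T08:10:00", "Redmond", 47.67, -122.12),
    ("2014-04-03T20:30:00", "Toronto", 43.65, -79.38),
]
MAX_KMH = 900.0      # assumed ceiling, roughly airliner cruise speed
SAME_AREA_KM = 50.0  # assumed: ignore hops inside one metro area


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def flag_impossible_travel(events, max_kmh=MAX_KMH):
    """Return (from_city, to_city, km, implied_kmh) for consecutive
    sign-ins whose implied travel speed exceeds max_kmh."""
    parsed = sorted(
        (datetime.fromisoformat(ts), city, lat, lon) for ts, city, lat, lon in events
    )
    flagged = []
    for (t0, c0, la0, lo0), (t1, c1, la1, lo1) in zip(parsed, parsed[1:]):
        km = haversine_km(la0, lo0, la1, lo1)
        if km < SAME_AREA_KM:
            continue
        hours = (t1 - t0).total_seconds() / 3600
        # Simultaneous sign-ins from distant places imply infinite speed.
        speed = km / hours if hours > 0 else float("inf")
        if speed > max_kmh:
            flagged.append((c0, c1, round(km), round(speed)))
    return flagged


if __name__ == "__main__":
    for hit in flag_impossible_travel(EVENTS):
        print("unusual sign-in: %s -> %s, %d km at %d km/h" % hit)
```

A sign-in that is relayed through a provider's own datacenter is geolocated to that datacenter, so it can trip this kind of check even when the account owner made the request.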