Why did Microsoft login my @outlook.com account and reported me about security breach

Discussion in 'Windows 8' started by aliennumberseven, Apr 4, 2014.

  1. aliennumberseven

    aliennumberseven MDL Novice

    Nov 12, 2012
    14
    0
    0
    Recently I got two emails from Microsoft outlook team sayingthey have detected somethingunusual about a recent sign-in to my Microsoft account. The emails advised to changemy password if this was not me. When I looked up my account, following IPaddresses were used to attempt to login:
    157.56.237.101 = successful sign-in
    157.56.244.37 = security challenge
    157.56.234.5 = security challenge
    After a little research I found out that all these IPaddresses belong to Microsoft. Now I have two questions:
    Why did they failed to login my account at their firstattempt?
    What information, if any, they have about my account as itseems that login was done after entering security challenge question?
    Or, is this another person using Microsoft IP address? :confused:
    Thanks
    m1.jpg
     

    Attached Files:

    • m1.png
      m1.png
      File size:
      54.4 KB
      Views:
      44
    • m2.png
      m2.png
      File size:
      52.6 KB
      Views:
      41
  2. hbhb

    hbhb MDL Expert

    Dec 15, 2010
    1,017
    263
    60
    dude, secure your account. Consider changing emails assuming your activity is all legit. Peace out
     
  3. cruxq

    cruxq MDL Junior Member

    Mar 31, 2010
    71
    23
    0
    Are you using the online account with win 8 ?

    If so... that could explain things.
     
  4. ajua

    ajua MDL Novice

    Feb 17, 2008
    49
    6
    0
    It is perhaps someone trying to log into your account, not Microsoft.

    I would change my password and security detailts just to be safe and I would advise you to keep in touch with the Outlook team just to follow up on this.
     
  5. aliennumberseven

    aliennumberseven MDL Novice

    Nov 12, 2012
    14
    0
    0
    Yes, I am using my online account to login with two laptops having Windows 8.1. Both the laptops are synced together using OneDrive. But I live in Canada/Toronto and these IPs are from Microsoft Corporation (Redmond etc.). And after some failure, the login was successful. During last two weeks or so outlook account never asked me about my security challenge question, but the log of my recent activity shows that I was posed such challenge.
     
  6. aliennumberseven

    aliennumberseven MDL Novice

    Nov 12, 2012
    14
    0
    0
    #6 aliennumberseven, Apr 4, 2014
    Last edited: Apr 5, 2014
    (OP)
    Yes, I am using online account with win 8.1. Can you please explain why is it happing?
     
  7. EFA11

    EFA11 Avatar Guru

    Oct 7, 2010
    8,795
    6,762
    270
    I would contact the outlook team and see if they are implementing new security features. Show them what you have shown us, the IP's etc.
     
  8. mimart7

    mimart7 MDL Senior Member

    Aug 28, 2012
    331
    84
    10
    #8 mimart7, Apr 4, 2014
    Last edited: Apr 4, 2014
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Al_Gore_Internet_Inventor

    Mar 18, 2014
    46
    7
    0
    #9 Al_Gore_Internet_Inventor, Apr 5, 2014
    Last edited: Apr 5, 2014
    I wouldn't worry about it. Probably nothing more than the NSA, FBI and CIA logging your every move.

    (You know how sneaky those Canadian's are).

    Toronto you say? You must be hanging out with Rob Ford.
     
  10. Vico

    Vico MDL Junior Member

    Jan 4, 2008
    94
    5
    0
    If you live in the USA its probably that spy program (NSA?) requesting Microsoft for your details.
     
  11. sevenacids

    sevenacids MDL Addicted

    Aug 17, 2012
    628
    186
    30
    This occured to me as well when I setup my Outlook.com account in Outlook 2013 and (accidentally) didn't provide it with an app keyword but my normal login information (I use two-step authentication). Since the IPs belong to Microsoft, it probably means nothing. Looking through the logs on account.microsoft.com, these issues occured to me with servers in Seattle and Amsterdam in the past, both locations of GIX internet exchange points. It might be that it was because of high traffic reasons that you were redirected to a Microsoft server in another location to serve the login request. Did you get the mail after a login attempt?
     
  12. aliennumberseven

    aliennumberseven MDL Novice

    Nov 12, 2012
    14
    0
    0
    I did some research on the topic too and believe that your explanation is correct. I used two-step authentication for my two computer to fresh install Windows 8.1update1. Both attempts were successful for the first time whereas the log shows some unsuccessful attempts. Those log entries might not be correct because of heavy traffic at Microsoft servers. Now I have a very small issue about this scenario: Why did they sent me an email like this:

    "Microsoft account
    Unusual sign-in activity
    We detected something unusual about a recent sign-in to the Microsoft account (email address removed). To help keep you safe, we required an extra security challenge.
    Sign-in details:
    Country/region: United States
    IP address: 157.56.234.5
    Date: 4/2/2014 9:55 PM (EST)
    If this was you, then you can safely ignore this email." I believe that Microsoft could have sent this email by error.
     
  13. sevenacids

    sevenacids MDL Addicted

    Aug 17, 2012
    628
    186
    30
    I think it could be because there were multiple logins (or login attempts) in a short time frame from distant locations (in my case Netherlands and Germany), and that's the reason for the security challenge and the informational mail. Since you cannot be in two different places with hundreds or thousands of kilometres in-between from one minute to the next, the system rated this as "unusual" and informed you about the activity.