
So last weekend I received multiple notifications regarding my Microsoft account. This is an account I've had since the OG days of Xbox 360... Somehow.. I'm not sure how but someone had gained access and spent 500+ dollars. As soon as I saw the notifications, I got access and changed password and enabled 2FA along with removing all logins/devices associated.. They continued to try to gain access (no longer able to) which then in turn locked my Microsoft account. I then appealed to Microsoft about the charges and locking of my account. Come the next night I received an email from Microsoft stating that due to 2FA being active my account is locked for good. Years gone.. Thousands of Hours gaming gone... Thousands of dollars spent gone... I'm aware that I should've had my account more secure well before this but due to normal life and being a father I never pushed to take the time to do it. I learned after that through the linked accounts they were able to get access to my Epic games account and they completely took it over, changed email, password and display name.. My recommendation is secure properly.. hoping someone can learn from my experience.. on a side note during securing my other accounts I lost access to my PS account due to 2FA (also mister on my part). But luckily PS had a program to solve this and within 5 minutes I was back in. So once again SECURE YOUR ACCOUNT... Thanks for listening.

Link to comment
https://linustechtips.com/topic/1600638-i-was-hacked/

Sorry for your loss, but yeah lesson learned.

Expensive lesson :<

There is approximately 99% chance I edited my post

Refresh before you reply

__________________________________________

ENGLISH IS NOT MY NATIVE LANGUAGE, NOT EVEN 2ND LANGUAGE. PLEASE FORGIVE ME FOR ANY CONFUSION AND/OR MISUNDERSTANDING THAT MAY HAPPEN BECAUSE OF IT.

Link to comment
https://linustechtips.com/topic/1600638-i-was-hacked/#findComment-16648869

That sucks man. I don't even run torrent on my computers anymore. Shit I don't even look at porn on my computers anymore haha. Not because of my wife, but I have zero trust in the intertoobz.

AMD R9 9900X | Thermalright FW Pro Black, 3x TL-B12E | Asus Strix X670E -F | 64GB G.Skill 6000C26
Zotac 4070 Ti Trinity OC | WD SN850, SN850X, 2x SN770 | Seasonic Vertex GX-1000 | ProArt PA602
Adcom GFP-345, Adcom GFA-555, S.M.S.L D1+PS100, Cerwin-Vega! CLSC-15, Monster HDP-1800
Link to comment
https://linustechtips.com/topic/1600638-i-was-hacked/#findComment-16648891

2 hours ago, Asams452 said:

Come the next night I received an email from Microsoft stating that due to 2FA being active my account is locked for good.

This doesn't make sense to me. You enabled 2FA and that made your account irrecoverable when someone tried, unsuccessfully, to log in? 🤨

Link to comment
https://linustechtips.com/topic/1600638-i-was-hacked/#findComment-16648929

Sounds like u got a remote desktop trojan. It's the only way to bypass 2fa like this, uninstall remote desktop on your computer. I would take this very seriously.
A Remote Desktop Trojan lets a user have full access to your pc like they were standing in front of it but it doesn't show what they're doing. They can buy things and auto fill out your info.
You should also change all your passwords to something at least 20 characters with numbers and symbols. If someone advanced in pc's gets remote desktop access they can install malware into ur CPU, GPU, BIOS, they can turn malwarebytes into a killbot.

UserBenchmarks: Game 417%, Desk 121%, Work 464%
CPU: Intel Core i5-13600K - 123.4%
GPU: Nvidia RTX 5080 - 354.6%
SSD: WD Blue SN570 NVMe PCIe M.2 1TB - 298.3%
RAM: Corsair Vengeance LPX DDR4 3200 C16 2x16GB - 109.7%
MBD: MSI PRO Z690-A DDR4
Monitor: X32 4k 480hz OLED

Link to comment
https://linustechtips.com/topic/1600638-i-was-hacked/#findComment-16648946

3 hours ago, Asams452 said:

So last weekend I received multiple notifications regarding my Microsoft account. This is an account I've had since the OG days of Xbox 360... Somehow.. I'm not sure how but someone had gained access and spent 500+ dollars. As soon as I saw the notifications, I got access and changed password and enabled 2FA along with removing all logins/devices associated.. They continued to try to gain access (no longer able to) which then in turn locked my Microsoft account. I then appealed to Microsoft about the charges and locking of my account. Come the next night I received an email from Microsoft stating that due to 2FA being active my account is locked for good. Years gone.. Thousands of Hours gaming gone...

I'm a bit confused, so 2FA was still active on a method you had control over (i.e. Phone number, Microsoft Authenticator)? Doesn't make sense to me how your "locked out" account is gone for good if you are still in control of the 2FA methods. It should just be a matter of waiting for the lockout to clear.

Intel® Core™ i7-12700 | GIGABYTE B660 AORUS MASTER DDR4 | Gigabyte Radeon™ RX 6650 XT Gaming OC | 32GB Corsair Vengeance® RGB Pro SL DDR4 | Samsung 990 Pro 1TB | WD Green 1.5TB | Windows 11 Pro | NZXT H510 Flow White
Sony MDR-V250 | GNT-500 | Logitech G610 Orion Brown | Logitech G402 | Samsung C27JG5 | ASUS ProArt PA238QR
iPhone 12 Mini (iOS 18.3) | iPhone 15 (iOS 18.3.1) | KZ AZ09 Pro x KZ ZSN Pro X | Sennheiser HD450bt
Intel® Core™ i7-1265U | Kioxia KBG50ZNV512G | 16GB DDR4 | Windows 11 Enterprise | HP EliteBook 650 G9
Intel® Core™ i5-8520U | WD Blue M.2 250GB | 1TB Seagate FireCuda | 16GB DDR4 | Windows 11 Home | ASUS Vivobook 15 
Intel® Core™ i7-3520M | GT 630M | 16 GB Corsair Vengeance® DDR3 |
Samsung 850 EVO 250GB | macOS Catalina | Lenovo IdeaPad P580

Link to comment
https://linustechtips.com/topic/1600638-i-was-hacked/#findComment-16648949

6 minutes ago, Chree said:

Sounds like u got a remote desktop trojan. It's the only way to bypass 2fa like this, uninstall remote desktop on your computer. I would take this very seriously.
A Remote Desktop Trojan lets a user have full access to your pc like they were standing in front of it but it doesn't show what they're doing. They can buy things and auto fill out your info.
You should also change all your passwords to something at least 20 characters with numbers and symbols. If someone advanced in pc's gets remote desktop access they can install malware into ur CPU, GPU, BIOS, they can turn malwarebytes into a killbot.

Was done while PC was off. I don't get an excessive amount of gaming time lately. Plus sorry if it was clear before.. activated 2FA after to make sure no one else could access again no matter if they had password or not.

Link to comment
https://linustechtips.com/topic/1600638-i-was-hacked/#findComment-16648950

3 minutes ago, BlueChinchillaEatingDorito said:

I'm a bit confused, so 2FA was still active on a method you had control over (i.e. Phone number, Microsoft Authenticator)? Doesn't make sense to me how your "locked out" account is gone for good if you are still in control of the 2FA methods. It should just be a matter of waiting for the lockout to clear.

Yes I have full control but Microsoft themselves locked the account or "suspended" in their terms. Indefinitely 

Screenshot_20250207_212119_Gmail.jpg

Link to comment
https://linustechtips.com/topic/1600638-i-was-hacked/#findComment-16648951

Check your email sign in activity. I am an actual pro gamer and have brute force bots trying to crack all my passwords all the time.


4 minutes ago, Asams452 said:

Was done while PC was off. I don't get an excessive amount of gaming time lately. Plus sorry if it was clear before.. activated 2FA after to make sure no one else could access again no matter if they had password or not.

 


Link to comment
https://linustechtips.com/topic/1600638-i-was-hacked/#findComment-16648953

48 minutes ago, SpaceGhostC2C said:

This doesn't make sense to me. You enabled 2FA and that made your account irrecoverable when someone tried, unsuccessfully, to log in? 🤨

Correct cause to this day there are attempts to log in. I'm assuming it flagged a "suspicious" activity (way too late) which in turn caused them to lock account

Link to comment
https://linustechtips.com/topic/1600638-i-was-hacked/#findComment-16648955

Just now, Chree said:

Check your email sign in activity. I am an actual pro gamer and have brute force bots trying to crack all my passwords all the time.

 

Can get email notifications on my phone but can't see full emails due to that email being permanently "suspended". 

Link to comment
https://linustechtips.com/topic/1600638-i-was-hacked/#findComment-16648958

8 minutes ago, Asams452 said:

Yes I have full control but Microsoft themselves locked the account or "suspended" in their terms. Indefinitely 

Screenshot_20250207_212119_Gmail.jpg

I'm surprised they have such a weird policy. Even if you've resecured your account and the unauthorized access is forced out, Microsoft doesn't trust the account enough to allow it to continue existing. That being said, it's a suspension not a deletion so your data, based on their wording, still exists on their servers. It's just not accessible to you, or anyone else.

 

I feel like if this happened in Europe, the EU would like to have a word since GDPR is really strict on stuff like this. 

 


Link to comment
https://linustechtips.com/topic/1600638-i-was-hacked/#findComment-16648963

1 minute ago, Asams452 said:

Can get email notifications on my phone but can't see full emails due to that email being permanently "suspended". 

I would keep trying to recover the email with tickets. You'll need a crazy amount of proof it was yours though.

 


Link to comment
https://linustechtips.com/topic/1600638-i-was-hacked/#findComment-16648964

On 2/8/2025 at 3:28 AM, BlueChinchillaEatingDorito said:

I'm surprised they have such a weird policy. Even if you've resecured your account and the unauthorized access is forced out, Microsoft doesn't trust the account enough to allow it to continue existing. That being said, it's a suspension not a deletion so your data, based on their wording, still exists on their servers. It's just not accessible to you, or anyone else.

 

I feel like if this happened in Europe, the EU would like to have a word since GDPR is really strict on stuff like this. 

 

imagine someone breaking in your car, then BMW just "suspends it permanently" for "security reasons" xD

 

this seems indeed very strange (and yes i know Microsoft accounts are god awful regarding security etc, that's why i don't have one lol) 

The direction tells you... the direction

-Scott Manley, 2021

 

 

Link to comment
https://linustechtips.com/topic/1600638-i-was-hacked/#findComment-16650602

5 minutes ago, Mark Kaine said:

imagine someone breaking in your car, then BMW just "suspends it permanently" for "security reasons" xD

 

this seems indeed very strange (and yes i know Microsoft accounts are god awful regarding security etc, that's why i don't have one lol) 

BMW: Yes sir, I understand you recovered your car after it was stolen, but for security reasons both your heated seats and iDrive will no longer function. Be grateful we managed to validate the airbags.


Link to comment
https://linustechtips.com/topic/1600638-i-was-hacked/#findComment-16650605

If you have a banking statement, you can easily prove you own the account.

Problem with Microsoft is it's all outsourced to AI and 3rd World countries.

You'll need to get someone to actually talk to you, which is where Twitter comes in handy. For some reason, most people have better luck there.

Tag Xbox, Microsoft and Phil Spencer. Post your tweet here and some people will probably upvote/like it

Link to comment
https://linustechtips.com/topic/1600638-i-was-hacked/#findComment-16652637