
Microsoft won't restore my access to my Microsoft account after I have been hacked on the pretext that they MICROSOFT! can't change the security information on the account due to security protocols!!

 

If you want to fast forward to the bit about Microsoft, just jump to the phrase EXCEPT MICROSOFT!! in bold down below.

 

So some context: recently my main Google account got hacked (totally my fault, I downloaded a sketchy program through the internet, but in my defense it was through a VM), but what the attack did is it took my Google login token and used it to access my Google account (shout out to Colton, I feel you now bro - back then I was like look at this dude just clicking random PDFs without any regard to security - I'm really sorry about all the comments I left back then, as it turns out it could happen to anybody, even an IT specialist).

At the time I knew something sketchy happened, but I was like it's just a VM, what could happen, I'm just going to delete it. As it turns out, too many damn things could happen when you have your main Google account that you use for EVERYTHING for more than 13 years logged in on your VM.

 

So in here you are going to ask where does Microsoft come in in all of that - be patient, I'm coming to it.

I opened the sketchy program on July 10. At the time, as I said, nothing happened, and I deleted the VM immediately and thought that was it. The next couple of days were the weekend, and the day after that I took a sick day, so throughout the weekend and the day after I didn't check my phone and my PC (totally my fault, I only used my iPad in that time to cut off from people, but in my defense most of the emails I got at that time just went to spam, so either way I wouldn't have known, thanks Google), so the hacker had access to my main email account, which is Google, for a whole 4 days.


On July 14 I noticed I started receiving login OTPs for some of my accounts through my Google account and thought nothing of it, as just some random login attempts, that is until my cousin called me to inform me that my Discord was hacked.

That's when I knew what had happened and how serious the situation was.
To sum it up, the hacker was resetting the password for every account that came to mind by logging in with my main Google account, resetting the password by sending the OTP to my main Google account, and then changing the email that is associated with the said account.

 

The things that got hacked were:

 

1- Main Google account (But he wasn't able to change the password)

P.S. All of the accounts mentioned below are connected to my main Google account, and usually I use it to log in to every service if available.

 

2- Ubisoft account (didn't even bother to restore F*** Ubisoft)
3- Epic Games (I don't know how he hacked it because every time I try to log in it asks for an SMS OTP)

4- LinkedIn

5- MICROSOFT account

6- Twitter (X)

7- Discord

8- Riot Games Account (the easiest one to restore even though he changed the password, the phone number and the main email for the account, I was able to restore in just 5 minutes without any hassle thanks to their restore tools)

9- And if that wasn't enough, my main Google account was the password manager for every other account that wasn't associated with my main Google account, like Facebook and other services I had, and even the passwords for my OTHER Google accounts.

 

 

Shout out to Steam, he tried to hack it but couldn't because you had to use Steam Guard to log in.
For all of my accounts that are mentioned above and the ones that are not mentioned, I was able to recover them and changed the password for every* account and service I had, because remember he had access to my password manager.

 

EXCEPT MICROSOFT!! because for this one he had changed the login email for my Microsoft account that is connected to my main PC and my laptop, because remember you can't use Windows 11 without a Microsoft account because MICROSOFT shoves it down your throat to log in first to use Windows.

 

I contacted Microsoft on July 14 to recover my account through the Microsoft account support, because the hacker had changed the main email associated with the account, so I couldn't do the regular account recovery process and had to contact Microsoft support to get this resolved.


To their credit, in 15 minutes they were able to see that there was "suspicious" activity in my account, like a password change and email change, and were able to suspend it until further investigation, and asked for another email address other than the compromised one to open a case and to contact me for further investigation, which I gave them.

 

I received an email on my second account with a case number, and they asked for further information, which I gave them, like (account creation date, Xbox ID, any friends' accounts I had with the account, recent purchases, IP address, account history questions, billing address and card information, ...)

 

I gave them all of the information they requested because I still had access to my Google account, and I had all of this information through emails from Microsoft themselves to my main Google account.

I replied to their email 3 days later on July 17 and received a reply immediately telling me "information has been passed to one of our engineers for review. We will work tirelessly to get to your request as soon as we can, but it may take up to 5 business days to get back to you". I was like, it's OK, if it's just 5 days then that's OK.

 

July 24 & 29 I sent them emails to inquire about the account recovery status because remember it only takes 5 business days.

 

Post to Aug 6 I finally received their reply email (remember I sent my reply on July 17)

 

They informed me that "Account security is a top priority at Microsoft, and we have a team dedicated to investigating and validating fraudulent activity. The account and billing activity associated with your Microsoft account was thoroughly reviewed by our fraud team, and I can confirm there was unauthorized access to your account. Unfortunately, during the investigation process, we found that your security information has been changed. "

 

No Sh*t, that was the reason I told you about from the start, which you confirmed, and which is why we opened this case in the first place.

 

"Unfortunately, when security features are updated on an account, we are unable to assist with an account recovery as these types of updates and/or removal are completely out of control of customer service. We are unable to make any changes to the security information on the account due to security protocols set up and the acceptance of the Microsoft Services Agreement when the account was created."

 

So let me get this straight, MICROSOFT is saying if your microsoft account security is updated through you or another person (hacked) they Will NOT help you with the account recovery even if you have access to the original email associated with the account and sent them all the information that they requested to recover your account in the first place,

 

Why would you even request the information if you know that you will not recover the account when you know I contacted you because my account got hacked AKA as Microsoft is saying my security information got updated

 

"The only option we have is to permanently suspend this account to prevent any further use. At this time, I have successfully suspended this account, and this will remain on indefinitely.

If you use this account for Minecraft, we regret to inform you that the Minecraft portion of the account is also unable to be recovered and the game will need to be re-purchased on a new account. We understand that this is not the news that you wanted to hear and apologize for any inconvenience that this may cause.

In the event that you have files stored in OneDrive, unfortunately those files are no longer accessible after account suspension and are subsequently unable to be recovered due to encryption; even our engineers do not have standing access to the files. We know that this is not the ideal outcome in terms of your stored files, but please be assured that this is necessary for the privacy of your data and to ensure that it does not end up in the wrong hands permanently.

 Sincerely,

Karisse

Microsoft Customer Support"

Oh wow, thank you so much for this generous outcome. I was really worried you might find some miraculous way to restore my account or data, but luckily you’ve spared me that disappointment by permanently deleting everything instead. And the cherry on top? I get to buy my games again! Truly, customer care at its finest. I’ll be sure to treasure the memory of all my lost files—since that’s the only place they still exist.

 

Thank god I didn't buy any game through Microsoft, only through Steam, but I had some old family photos and videos in OneDrive. Well, now I guess they are just gone. And I had my Windows 11 digital licenses for both devices connected to my account, so that's down the drain as well.

 

After what happened I just bought a new domain and made my own mailing service to dodge these issues in the future.

So this is just a reminder to never trust Microsoft with your account, or any service provider for that matter, or AKA as Microsoft says, don't put all of your eggs in one basket.

At this point, heck, I'll even trust the hacker more to give my account back than them. Maybe if I had contacted him first and paid a couple of dollars before they banned the account, he would have given it back.

But oh well, I guess the more you F**k around the more you will find out.

 

 

 


Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/
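
The chain described in the opening post (reset codes sent to the mailbox, then a password change, then the account's e-mail address replaced) leaves a trail in the mailbox itself. As an added example, not part of the original post, this sorts a constructed mailbox export into a recovery order; the sender domains, subject wording and the year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: (received, sender domain, subject). Not real mail.
# The year is a placeholder; the post gives only day and month.
MAILBOX = [
    ("2025-07-09T08:12", "chat.example", "Your weekly digest"),
    ("2025-07-11T02:40", "chat.example", "Password reset request"),
    ("2025-07-11T02:43", "chat.example", "Your password was changed"),
    ("2025-07-11T02:47", "chat.example", "Your email address was changed"),
    ("2025-07-12T19:05", "games-a.example", "Your verification code is 481516"),
    ("2025-07-12T19:09", "games-a.example", "Your password has been changed"),
    ("2025-07-13T04:30", "games-b.example", "Your login code"),
    ("2025-07-14T10:02", "shop.example", "Summer sale starts now"),
]

# Most severe rule first, because a subject could match more than one.
RULES = [
    ("email_changed", re.compile(r"e-?mail (address )?(was|has been) changed", re.I)),
    ("password_changed", re.compile(r"password (was|has been) changed", re.I)),
    ("reset_or_otp", re.compile(r"password reset|verification code|login code|one-time", re.I)),
]

SEVERITY = {"locked_out": 0, "password_taken": 1, "attempted": 2}


def classify(subject):
    """Return the kind of account-security notice, or None for ordinary mail."""
    for kind, pattern in RULES:
        if pattern.search(subject):
            return kind
    return None


def triage(mailbox, window_start, window_end):
    """Map each sender to the worst thing that happened inside the window."""
    start = datetime.fromisoformat(window_start)
    end = datetime.fromisoformat(window_end)
    seen = defaultdict(list)
    for received, sender, subject in sorted(mailbox):
        kind = classify(subject)
        if kind and start <= datetime.fromisoformat(received) <= end:
            seen[sender].append(kind)

    report = {}
    for sender, kinds in seen.items():
        if "email_changed" in kinds:
            # Recovery address replaced: resets no longer reach this mailbox.
            report[sender] = "locked_out"
        elif "password_changed" in kinds:
            # Mailbox is still the recovery address: self-service reset works.
            report[sender] = "password_taken"
        else:
            # A code was requested but no change was confirmed.
            report[sender] = "attempted"
    return report


def recovery_order(report):
    """Senders sorted so the accounts needing provider support come first."""
    return sorted(report, key=lambda s: (SEVERITY[report[s]], s))


if __name__ == "__main__":
    result = triage(MAILBOX, "2025-07-10T00:00", "2025-07-14T23:59")
    for sender in recovery_order(result):
        print(f"{sender:18} {result[sender]}")
```
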

Just an FYI, you can most definitely use Windows 11 without a Microsoft Account.

 

Also you never mention 2 Factor Authentication. Are you using it? Are you not? Was it setup using your email as the authentication method and not a cell phone?

Main Desktop: CPU - i9-14900k | Mobo - Gigabyte Z790 Aorus Elite AX | GPU - PNY Gaming OC RTX 5080 16GB RAM - Corsair Vengeance Pro RGB 64GB 6400mhz | AIO - Arctic Liquid Freezer III 360mm | PSU - Corsair RM1000X | Case - Hyte Y40 - White | Storage - Samsung 980 Pro 1TB Nvme /  Sabrent Rocket 4 Plus 4TB Nvme / Samsung 970 EVO Plus 2TB Nvme / Samsung 870 EVO 4TB SSD / Samsung 870 QVO 2TB SSD/ Samsung 860 EVO 500GB SSD|

 

TV Streaming PC: Intel Nuc CPU - i7 13th Gen | RAM - 16GB DDR4 3200mhz | Storage - Crucial P3 Plus 1TB Nvme |

 

Phone: Samsung Galaxy S26 Ultra - Black 256GB |

 

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16781684

Well, you made a big mistake logging into the Google account while trying to open some shady file in a VM.

As much as I dislike Microsoft, they just did what was stipulated in their terms of service that you agreed on and disabled the account to prevent more damage.

I'm starting to think it becomes important these days to have an air-gapped system for your main rig and some throwaway one for anything online.

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16781704

1 hour ago, whispous said:

Did you have 2fa enabled for your gmail, and for this Microsoft account?

Yes I did have it on for the gmail account but it didn’t matter because he had the session token, as for ms account I don’t remember but either way he could have reset it through the gmail account

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16781720

Microsoft Authenticator(mobile) - your "password manager" for all your 2FA OTP(one-time passwords) needs. It is linked to your MS account, but it easily connects with any other third-party accounts that support the feature(paypal, google, larian or w/e).

Plus, there might be a possibility that some of the details you provided were incorrect. They check the account history, not its current state.

*using non-conversational, sketch-level language to gesture at structure and direction.
The GB8/12 Liberation Front

 

 

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16781722

1 hour ago, whispous said:

It's fascinating how you knew to use a VM to separate running dodgy software (???) from anything important, and then seemingly signed into important things on the same VM. Truly a stellar mind.

Thank you wise sir, as I said it was my mistake in the first place to log in with the Gmail account, but I had done it previously for a different matter and forgot about it.

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16781724

1 hour ago, SpookyCitrus said:

Just an FYI, you can most definitely use Windows 11 without a Microsoft Account.

 

Also you never mention 2 Factor Authentication. Are you using it? Are you not? Was it setup using your email as the authentication method and not a cell phone?

Yes, I use them both without an MS account, but for the applications inside, like the MS Store and whatnot, I have to use it.

 

As for the 2FA, as I said, I'm not sure, but if I was using it, it would have been through my Gmail account.

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16781731

Don't people use phone SMS as a 2FA second step to authenticate? I use that on all my accounts and it's basically impossible for anyone to take control of them. Without also physically getting the phone (if they're able to crack the pass and enter a matching fingerprint).

 

I discovered someone had logged into my Steam account a while ago but he was never able to change the password or security stuff, because they ask you to confirm through a code sent to your mail and my email is tied to a phone number. It was easy for me to change pass and block any future attempt by someone else to log in.

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16781760

2 minutes ago, TudorF said:

Don't people use phone SMS as a 2FA second step to authenticate? I use that on all my accounts and it's basically impossible for anyone to take control of them. Without also physically getting the phone (if they're able to crack the pass and enter a matching fingerprint).

Not to get too far off-topic, but the cellular communication protocol has some seriously weak back-door entries for spoofing an existing number as well as intercepting communications (including those 2FA texts). 

 

Dreaming of the day when my brain cell doesn't betray me.

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16781764

11 minutes ago, CasualExtremist said:

Not to get too far off-topic, but the cellular communication protocol has some seriously weak back-door entries for spoofing an existing number as well as intercepting communications (including those 2FA texts). 

 

yep and i refuse to do banking that way.

hell i know and get access to a (fish device) to be a fake tower.

MSI x399 sli plus  | AMD threardripper 2990wx all core 3ghz lock |Thermaltake flow ring 360 | EVGA 2080, Zotac 2080 |Gskill Ripjaws 128GB 3200 MHz | Corsair RM1200i |200tb raw | Asus tuff gaming mid tower| 10gb NIC

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16781771

16 minutes ago, CasualExtremist said:

Not to get too far off-topic, but the cellular communication protocol has some seriously weak back-door entries for spoofing an existing number as well as intercepting communications (including those 2FA texts). 

 

What's the rundown? I don't watch half an hour of any video, no matter who does it. That phones can be intercepted? That phone calls can be spoofed? You need to have the devices, knowledge and the target needs to be valuable enough. If someone wants my shitty emails and goes to such great lengths to get them, I'm flattered. I am important, after all.

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16781775

1 hour ago, TudorF said:

What's the rundown?

TLDR - Anyone's phone number can be hijacked long enough to receive the txt based MFA code. Lots of money and interest involved for this to be an ongoing issue.

Got a bank account with creds leaked online, and it requires TXT based MFA? Well, don't be surprised if your checking account gets zeroed out.

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16781816

2 hours ago, CasualExtremist said:

Not to get too far off-topic, but the cellular communication protocol has some seriously weak back-door entries for spoofing an existing number as well as intercepting communications (including those 2FA texts). 

 

I use authy. Works for all 2 factor. 

Sudo make me a sandwich 

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16781848

59 minutes ago, StDragon said:

TLDR - Anyone's phone number can be hijacked long enough to receive the txt based MFA code. Lots of money and interest involved for this to be an ongoing issue.

Got a bank account with creds leaked online, and it requires TXT based MFA? Well, don't be surprised if your checking account gets zeroed out.

Ok, thanks for the summary.

Still, someone intercepting the phone would have to know where I live and spend time monitoring what I'm doing, enough to know I just tried to log in to some service. That involves some expense and it means I must be a very important person.

As for zeroing an account, again, I believe that kind of communication between banking app and bank goes through encrypted SSL traffic. They could intercept the packages but it would look like garbled data, nothing they could use unless they have cutting edge quantum computers that break AES.

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16781853

1 hour ago, TudorF said:

That involves some expense and it means I must be a very important person.

Not really. There's pastebins of info to be found on the darkweb. Take an entire database of leaked info and with the proper LLM, you could have AI dox any individual for easy pickings. Leave a little info there, a little here, a little over there... AI will thread that all together to paint a much more comprehensive picture of that person's profile.

 

1 hour ago, TudorF said:

As for zeroing an account, again, I believe that kind of communication between banking app and bank goes through encrypted SSL traffic. 


You misunderstand. If someone can intercept the MFA SMS text message, they could log into your account (as you) terminated out of a local VPN service so as to not trip 'impossible travel' access policies. Once in, they wire money overseas where it's out of national jurisdiction. For example an American bank wiring money to Africa. Good luck getting that back (you won't).

Point is, SMS is not secure and shouldn't be used for any account. It's a crime against humanity that some banking institutions still use it!!! But hey, they probably figure you're FDIC insured and so doesn't really matter to them.

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16781885

5 hours ago, wasab said:

Why is the attacker so interested in your gaming accounts instead of something seriously damaging lol, like say your Bitcoin wallet?

You know how expensive that shit is? there are accounts worth MILLIONS out there, the gacha addicts will spend in a rage night what I'd earn in a decade, all the lootboxes, cosmetics, P2W "boosts" or access to better/unique in-game abilities, guns, cars, etc.

 

Some games are outright interactive gambling sites, like EVE online, GTA, counter strike, battlefield, league, ZZZ, even fortnite. There's way more.

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16781911

11 minutes ago, Caroline said:

You know how expensive that shit is? there are accounts worth MILLIONS out there, the gacha addicts will spend in a rage night what I'd earn in a decade, all the lootboxes, cosmetics, P2W "boosts" or access to better/unique in-game abilities, guns, cars, etc.

 

Some games are outright interactive gambling sites, like EVE online, GTA, counter strike, battlefield, league, ZZZ, even fortnite. There's way more.

Well, I don't see how any of these is something a hacker can monetize and profit from 

Sudo make me a sandwich 

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16781914

 

 

Did you not run AV/EDR on your Canary VM?  Did you not have MFA? 

 

I feel there are a lot of lessons to be learnt here!

 

Running dodgy software, play stupid games, win stupid prizes! 

 

Real stupidity beats artificial intelligence every time.

- Sir Terry Pratchett

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16781931

8 hours ago, wasab said:

Well, I don't see how any of these is something a hacker can monetize and profit from 

They are probably doing two things:

  • For Steam, some could have items in the inventory that can be sold for money. Transfer those to another account, then sell them.
  • Sell the account itself to someone else. For lower value than what the accounts have in it (games etc), but can still be some amount. If you search for "steam Account for sale" or "[some game] Account for sale " or something similar, you can easily find plenty of accounts for sale. Some of them may be the owner selling their accounts, but I bet there is quite a bit that is hacked accounts too.

“Remember to look up at the stars and not down at your feet. Try to make sense of what you see and wonder about what makes the universe exist. Be curious. And however difficult life may seem, there is always something you can do and succeed at. 
It matters that you don't just give up.”

-Stephen Hawking

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16782046

So iPad is to blame, I knew it. But yeah sketchy stuff and VM with logins oof. Also you don't need MS account to log into Windows or install it.

But MS email has some odd security protocols too, once I had issues with my email I thought it may have been hacked. There were spams of attempted logins and MS locked my account for a month saying for security reasons. On my browser it logged me out and couldn’t log back in saying it's locked. Luckily on my phone I could view it somehow, didn't want to log out or change password, so I just waited a month to do all reset etc. 

| CPU: Ryzen 7 7800X3D | MOBO: AM5 B650 Aorus Elite AX | RAM: G.Skill Trident Z5 Neo RGB DDR5 32GB 6000MHz C30 | GPU: Sapphire PULSE Radeon RX 7900 XTX | SSD: Samsung 9100 PRO 1TB with heatsink | Cooler: Arctic Liquid Freezer II 360 | PSU: Seasonic Focus GX-850 | Case: Lian Li Lanccool III | Mousepad: Zowie GTF-X  / Vaxee PC / PA / Artisan Raiden Mid XXL| Mouse: Vaxee XE wired / Hitscan Hyperlight | Keyboard: Wooting 80HE zinc alloy raw - geon raw HE switches | Headset: Beyerdynamic MMX 300 (2nd Gen) | Monitor: LG 32GS95UV-B OLED 4K 240Hz / 1080p 480Hz dual-mode | OS: Windows 11 |

Link to comment
https://linustechtips.com/topic/1620126-wtf-microsoft/#findComment-16782127