This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
It's been 4 hours since my account got hacked. I have never shared my email or password anywhere, I'm extremely cautious, yet they cracked the code without using 2fa. What is going on? I have many important information within the following account and purchases. They also tried to get into my other personal account but 2fa actually stopped them from getting access. Fortunately I do have a Gmail account connected to both so I could see their IP but I don't think I can do anything else. Also, why isn't there a personal contact for support. I don't like the idea of it being an entire article not going to lie but whatever.
Processes in Microsoft 365 for setting up Office apps, redeeming product keys, and activating licenses.
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
That may be true, but how do they bypass the 2fa?
Every 2FA has backup codes that people can use if they need to get in to their account but don't have their phone.
That may be true, but how do they bypass the 2fa?
I have never shared my email or password anywhere, I'm extremely cautious, yet they cracked the code without using 2fa. What is going on?
That can happen in plenty of ways, I'm afraid. For example: the information could have been stolen by malware, or involved in a data breach . And while you've never shared your email or password anywhere, as far as you know, studies consistently show that in very many successful hacks, the user was tricked into giving away the information. There is a saying in the cybersecurity community: Attackers don't hack their way in, they log in.
If your account was successfully attacked, it's gone. There's nothing that Microsoft can do about it. While you are spending time trying to find someone at Microsoft to talk to, the attacker could be ruining your good name and your good credit. You have to be concerned with what the attacker knows about you and how they can (mis)use that information. Protect your identity!