Share via

Unusual Account Activity from MS IP Addresses

Anonymous
2022-07-15T04:15:50+00:00

Yesterday I received an email from your Microsoft Account Team regarding unusual activity.  When I looked into it, it showed an unusual actvity detected for an Automatic POP3 sync from IP 13.101.248.75.  This activity did not have my account alias listed as it usually does, and listed the location as United States.  On the review activity page I said this was not me.  I changed my password, but then saw another unusual account activity from IP 13.101.248.41. This one did have my account alias listed.   I changed my passwords almost 1/2 dozen times yesterday.24hrs after my final password change, I received today another email regarding unusual activity.  It was another unusual activity detected for an Automatic POP3 sync from IP 13.101.248.75. Once again I confirmed this was not me, although this time I did not change my password.  Three hours later, I received yet another notification of unusual activity.  This time it was for IP 13.101.219.207  However, at the same time it had the exact same thing for IP address 13.101.53.212.  While I was not notified of that one, nor asked to confirm if this was me, it does list it as unusual activity. I looked all the IP address up on ARIN WHOIS.  According to them they all belong to Microsoft. I am sending this to all the email addresses on ARIN WHOIS that are listed as a point of contact.  I NEED ANSWERS. This has never happened before yesterday. I am afraid to confirm that these are me because I don't understand why MS IPs would be POP3 syncing to my account. I only have my Gmail account to POP3 sync to this email.  Those IP addresses tend to begin with a 2607 number.  I keep saying this isn't me, but not sure what I should do. Ignore, confirm it's me or continue to say it's not me. I want to know why is a Microsoft IP auto syncing to my email account? So much so that it generates an unusual activity text/email?I NEED some guidance on this.  There is no help article covering this.  And there is no way to contact a live person for help, which is ABSOLUTELY RIDICULOUS!

Outlook | Windows | Classic Outlook for Windows | For business

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

Answer accepted by question author

Anonymous
2022-07-19T21:48:24+00:00

Finally got to talk to someone at MS- this was their reply:

Thank you for the information. Please be advise that Microsoft is aware of this known issue already. This started to happen even last week and we are already working with this matter. We even have created a ticket number for this issue while it is still happening.

The ticket number for the emerging issue is INC31680156.

So they are on it, but no idea when it will be fixed.

[EDIT] They also confirmed that the account was secure, no need to change passwords, etc

Was this answer helpful?

30+ people found this answer helpful.
0 comments

52 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2022-07-16T12:39:13+00:00

    Chandy, I'm having the same issue with both mine and my wife's hotmail. Multiple "unusual sign-in activity" emails, and they are all from Microsoft IP addresses, It is driving me crazy!!! PLEASE READ THESE POSTS CAREFULLY, and don't just post generic security advice. Something is going on at Microsoft's end, and someone needs to look into it. Sorry for shouting, but I needed to get the message across, Microsoft is the cause of this problem not we users. Thanks.

    Was this answer helpful?

    10+ people found this answer helpful.
    0 comments
  2. Anonymous
    2022-07-16T05:23:00+00:00

    Hi Chandy.

    No I haven't signed into my account while traveling. I have not installed any new apps or used a VPN. My Gmail has been setup for over a decade to import my live emails via the POP3 server. For the last two years, I mostly access my gmail via my Pixel 4a. This unusual activity is a new thing.

    All the IP address, when checked against https://whois.arin.net/ui/ show up as being owned by MS. I just received another alert this evening. The IP 13.101.248.41 https://whois.arin.net/rest/net/NET-13-64-0-0-1/pft?s=13.101.248.41 

    The list of IPs I have gotten unusual activity: 13.101.248.75 / 13.101.219.207 / 13.101.53.212 / 13.101.247.21 / 13.101.247.50. All checked on WHOIS-RWS, all shown as being MS own. Changing my password has not stopped this. I even tested a secondary account. I added my hotmail account to first my gmail, and then my dad's gmail. I even used the newer server address of outlook.microsoft.com Within minutes of enabling POP I got notified of unusual activity. The activity was from one of the 13 IP addresses, so MS. I changed the password on that account as well. Didn't stop the unusual activity notices.

    I contacted outlook.com help via the email, and provided a detailed email with screenshots. Waiting to hear back.

    Changing my password doesn't work. And I seriously doubt that adding 2factor will do anything, as these IPs seem to belong to MS. Not to mention, because I use POP3 to import my email to gmail, I'm not sure how 2factor would affect that. And I already have to provide a text code whenever I want to access security info, so honestly don't see the point. I don't save any devices to my account, but I have already told it multiple times to forget all devices. Still getting unusual activity. I don't want to delete the POP3 import of live from my gmail because it's the easiest way for me to get my live email, and it doesn't require me downloading another app or creating another account on my phone.

    Really beginning to think this is some kind of bug from MS.

    Also, I saw your private message but it won't let me respond or provide screenshots. Not sure if I'm not doing something right or what, as this is my first time on this forum ever.

    Was this answer helpful?

    10+ people found this answer helpful.
    0 comments
  3. Anonymous
    2022-07-15T17:44:51+00:00

    I am also getting the exact same issue from Microsoft IPs, but with IMAP syncs. Changed password, and hours later the same thing. I'm only using IMAP from Thunderbird client on Windows and I can see those syncs with the correct IPv6 and IPv4 addresses.

    13.101.246.168

    13.101.216.102

    13.101.246.74

    Was this answer helpful?

    10+ people found this answer helpful.
    0 comments
  4. Anonymous
    2022-07-16T05:24:16+00:00

    Hi Fred.

    Thank you for adding your issue as well. I am glad I am not alone in this.

    Was this answer helpful?

    6 people found this answer helpful.
    0 comments