Someone gains access. What info can he get?

Dear CWE_300

A: If you log in your Microsoft account from an abnormal IP, you will receive an abnormal login alert, you can choose "This is me" in the account activity to resolve the abnormal activity record, of course, hackers may also use this function to mark their IP as normal IP.

2. Is there a way to tell if people who have logged in are still in my account?

You can find out by going to

account.microsoft.com/privacy/location

You can view the most recent logins at account.microsoft.com/privacy/location.

3. if these people are still on my account, how do I tell them to leave?

Add Microsoft Authenticator, change your password using a secure device, and remove any account aliases that may be anomalous.

Tips:If your account password has been changed repeatedly, it is recommended that you disconnect any computer devices that may have been poisoned, turn off your computer, and disconnect from the Internet.

4. if they are still on my account, can they see the new password I entered when I changed it?

No. If you change your password on a poisoned computer, your password will indeed continue to be stolen, and as described above, you should change your password on your cell phone or other trusted device.

5. how did they get through the two-step verification process?

Some password stealing programs do not steal your account password directly, when you try to log in to your Microsoft account and pass the two-step verification process, a SESSION ID is generated which is used to quickly log in to your computer, but if the hacker has direct access to this file, they may be able to spoof the server that it is in a normal environment and change the password.

6. will they be able to see everything on Microsoft Edge and access applications on Edge?

If you are using Edge Privacy Mode then they cannot get access to the content viewed on your Edge, they can access the applications on your Edge but usually not.

Because hackers usually use automated tools to steal Microsoft accounts, they scan for valuable keywords for further extortion or fraud, such as bank card information, such as digital currency wallet addresses, or other sensitive information. But all of this is done automatically. If there is no information under your account that triggers their hacker flagging tool indicating a high-value account, then they usually don't do it manually, which also means that the hackers don't care and won't see any of your information. After all, they don't have SO MUCH time.

I hope the above information will help you

Best Wish

Shawn Z  | Microsoft Community Support Specialist

Hi! CWE_300,  

Welcome to the Microsoft Community! I realize that you've encountered a problem with what information will someone have access to if he gains access your account, and I understand how you feel. To avoid misunderstanding, I would like to ask you if by gain access, you mean that some people have gotten the password to your account?

If someone else obtains the password to your Microsoft account, this poses a great risk to your personal information. He will be able to log in to your Outlook mailbox with your password and send emails that are not intended for you. At the same time he can also log in through: Microsoft account | Home，Access to all private information in your account (including your personal name, address information, phone number, date of birth, and even your payment bank card number, etc.)

So if you are having problems with your account having a compromised password, please go through the link above and click on Change Password in the upper right hand corner of the page to change your password immediately to avoid serious damage to you. Feel free to post back if you need further assistance.Thank you for your understanding and patience. Best Regards Eddy | Microsoft Community Support Specialist

I don't know how someone could have gotten my password since I had to get it out of my vault. I don't know it myself. I also had 2step verification on account at the time. However, there were 2 "successful sign-ins" listed on same day at same time on my account. One from El Salvador and one from Russia. The session activity on both sign-ins lists "Resolved unusual activity". That was all of the activity that occurred according to the activity list. There were also 2 other attempts at the exact same time that were listed as " Unusual activity detected". One of these was from Russia, the other from Mexico. So there were a total of 4 at the exact same time from 4 different locations. What in the world does this mean?

I have since changed my password twice. But I have no idea what went on. Are those people still on my account? How could they sign-ins with no password through the 2 step verification? What do I do next? I need to get to some of my other apps on Microsoft, but I'm afraid to do anything. Will changing my password twice be effective if someone is still on the account? Can he or she see the new password I entered? Please help!

Thank you. I had already done the security items you suggested before I posted here, except for the Authenticator, which I will go do now. However, your response did not answer my real questions.

1. What does "resolved unusual activity" mean?
2. Is there a way to tell if those signed-in people are still on my account?
3. If those people are still on my account, how do I get them off?
4. If they are still on my account, can they see the new passwords I enter when I change the password?
5. How did they get through the 2-step verification process?
6. Can they see everything on Microsoft Edge and access apps on Edge?

Thanks,

CWE_300

Dear CWE_300

Thank you for posting here in Microsoft Community.

To check on your recent activities on this link; https://account.microsoft.com/privacy/activity-history see if the one you are referring was successful or not. What I highly suggest is you can add more layer of security to your Microsoft account such as using the Microsoft Authenticator application, this will make your account more secured as it will send a code to the application installed on your phone which by the code refresh from time to time, and only you can access it. You may refer to this article for reference: How to use the Microsoft Authenticator app - Microsoft Support and make sure to backup your credential by following this: Back up and recover account credentials in the Authenticator app - Microsoft Support. Which you may also try going passwordless, depending on your preference: How to go passwordless with your Microsoft Account - Microsoft Support.

I also suggest to not use the same password whenever you are trying to register an account using the same email account to third party websites, specially the ones that you don't trust or unfamiliar ones.

I hope this information helps!

If you have any questions, please contact us and we will get back to you as soon as possible!

Thank you for your understanding and cooperation.

Best Regards , 

Kokutou-MSFT |Microsoft Community Technical Support Expert