Received multiple Single Use code request email notifications: PLEASE ADDRESS MICROSOFT! This is not safe.

Question

I keep looking for a place on this website to speak to a Microsoft employee about this, but I can't find any obvious links. Something has been compromised for several of us, dating back to 2020 according to these forums and some reddit forums, but also more frequently in the last month.

I received single use code requests from Microsoft on 12/24/21, 01/03/2022, 01/07/2022, 01/14/2022, and yesterday 01/19/2022. The last two were not recorded in my security history.

The emails always state:

Hi [email address]We received your request for a single-use code to use with your Microsoft account.Your single-use code is: [Code]If you didn't request this code, you can safely ignore this email. Someone else might have typed your email address by mistake.Thanks,The Microsoft account team

"Someone might have typed my email address in by mistake." Is absolutely NOT a good excuse. They do not even advise you to check your security settings, most places say if the log in attempt wasn't you to contact them.

When I look into these notifications on my account, it says there was failed attempts at my password AND these two of these devices are in South Africa and Brazil. I live in the U.S. and I haven't logged into this account since I cancelled my Office 365 subscription around December 10, 2021.

Someone has my e-mail address and several other Microsoft users addresses and are attempting to log in to our accounts multiple times. I don't know that changing our account password will actually help and wonder if this is what the hackers want you to do.

I honestly want to remove my e-mail address to stop getting the notifications and redirect it to a different address but I'd have to create a whole new account just to do that.

Answer 1

I have faced the same issue as others on this thread: many single-use code emails, but no unauthorised log in attempts when I reviewed the access history.

Why the problem was occuring:

My primary email address was listed *on another Microsoft account* as a recovery email/method to receive a secure code to log in. I had forgotten that account existed, but once I logged into that account I could see many, many unauthorised attempts to log in (from a VPN presumably, since there were connections from everywhere).

Solution that worked for me:

Work out what old account I had set my email as a recovery account for. Log into that account and removed my email.

Recommendation to Microsoft:

• include information of which account is generating the single use code email
• consider ways to improve security, since as per a previous post of mine, I have concerns that bad actors could brute force a 7 digit number 'password' with enough attempts/email addresses.

Answer 2

I have been getting dozens of single code requests for the past month. I spoke to a Microsoft advisor through their live chat system. He said I had taken all the right steps (Changed Password and added Two Step Verification on the account AND enabling Microsoft Authenicator on my phone where I have to physically enter details to access my email account before any details are changed)

He said I can safely ignore the emails as they won't get in. Just annoying.

I advise you to follow what I have done.

Answer 3

Thanks! I checked mine. It's kind of scary seeing how often the attempts are made and the locations (e.g. USA, Hong Kong, El Savador, Egypt, assuming the hacker wasn't falsifying their location). I hope their is enough security built in to stop them, e.g. I wonder if they could ever get lucky and guess the 6 digit code? (after guessing my secondary email address of course) If they use a bot and keep trying, I guess they could get lucky?

Answer 4

Yep, I did the same thing. At one point I was getting it several times a day and late at night so I changed up the password and added the Two Step Verification. Annoying but we'll protected.