Share via

Conta invadida

Jessyka Vilas Boas 0 Reputation points
2026-01-08T22:35:09.0033333+00:00

Minha conta Outlook está sob sequestro ativo.

Mesmo após troca de senha, ativação de 2FA, remoção de métodos, regras e IMAP, o invasor continua criando rascunhos em tempo real.

Solicito revogação total de tokens OAuth/Exchange, encerramento de todas as sessões ativas no servidor e auditoria da conta.

Outlook | Windows | New Outlook for Windows | For home
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jeronimo Fuerte 40,440 Reputation points Independent Advisor
    2026-01-08T23:15:27.2333333+00:00

    Hi! The password change is a good start. You should also check that your contact methods remain the same here:

    https://account.live.com/proofs/manage/additional

    After that, close all your open sessions. You will need to log back in to all your devices, but it's safer this way:

    https://account.live.com/proofs/manage/additional

    After this, please review the next link to see if any apps that you don’t know have access to your account and delete them:

    https://microsoft.com/consent

    After that delete all the draft that have been created

    Was this answer helpful?

    0 comments

  2. AI answer

    2026-01-08T22:35:19.0933333+00:00

    To address a compromised Outlook account, follow these steps:

    1. Revoke User Access: You can revoke any active sessions using the stolen credentials. Use PowerShell to run the following command: 
         Connect-MgGraph -Scopes User.RevokeSessions.All
   Revoke-MgUserSignInSession -UserId <UPN>
      Replace <UPN> with your user principal name (email address).
    2. Reset Password: Ensure that you reset your password again, and consider doing this in your Active Directory if your account is synced.
    3. Enable Multifactor Authentication (MFA): If not already done, enable MFA for added security. This helps prevent unauthorized access even if the password is compromised.
    4. Review MFA Registered Devices: Check for any suspicious devices that may have been added by the attacker and remove them.
    5. Audit Account Activity: Use the Microsoft Entra admin center and the Microsoft Defender portal to review logs for any unusual activity, including sign-in attempts and actions taken on the account.
    6. Remove Suspicious Email Rules: Check for any email forwarding rules or other suspicious configurations that may have been set up by the attacker.
    7. Contact Support: If the issue persists, consider reaching out to Microsoft support for further assistance in securing your account and ensuring that all unauthorized access is terminated.

    By following these steps, you should be able to regain control of your account and secure it against further unauthorized access.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.