Suspicious Login Successful

Question

There were 3 suspicious attempts to log into my Microsoft account inside Windows 11. One of them was successful and they had nearly 24 hours before I received notice and changed my password and deleted all saved passwords to other websites including all of work and personal accounts.

I am most concerned with my OneDrive files. I have read through similar questions and answers here but they were from 2024. I am curious to know a few things now:

1-Could they access my OneDrive by logging in as me remotely?

2-Could they have accessed payment information even though it is not shown but is saved with my MS account?

3-How do I check file activity in OneDrive using the iPhone app?

4-What are other actions I should take?

Answer 1

Hello JBN, thanks for posting.

Regarding your first question-Yes, if a suspicious sign‑in was marked successful, remote access to OneDrive was technically possible. A successful sign‑in means valid credentials were accepted, and without multi‑factor authentication enabled at the time, access would not have been restricted.

Payment data exposure is limited. Microsoft does not display full card details, only card type, last four digits, billing address, and subscriptions are visible. Full card numbers and CVV are never shown, though purchases could be made while a payment method is active.

The OneDrive iOS app shows limited activity. For detailed review, use https://onedrive.live.com to check file changes and sharing. To secure the account, enable MFA, review recent sign‑ins, and sign out everywhere.

 

Kind regards,

John Oli