
Account Hijacked - Recovery Email Changed to autosecure.cy

Ina Chaney 0 Reputation points
2026-04-06T18:15:26.3633333+00:00

I’m posting this from a backup account because I’ve been completely locked out of my primary Microsoft/Gaming account and I’m hitting a dead end with the automated recovery tools.

The Situation

When I try to sign in, my usual password is flagged as incorrect. I attempted a standard password reset, but I hit a major roadblock at the verification stage.

When the system asks where to send the security code, it shows an email address I have never seen before. The hint shows the first two letters are "cy" and the domain is @autosecure.cy.

The Problem

It seems like a "beaming" or phishing attack where the hacker didn't just change my password, but immediately swapped my recovery email to this "autosecure" domain—which I assume is a fake security service used to mock victims.

I have tried the following:

Authenticator App: My app is no longer receiving push notifications for this account, so I can't bypass the login that way.

Recovery Form (ACSR): I submitted the official recovery form with my original billing info and account history. However, I received an automated reply stating that because Two-Factor Authentication (2FA) was active, the manual review request is automatically rejected.

My Request

Since the hacker has control of the 2FA methods (the new email and potentially a hardware key or app link), I am stuck in a loop. I have proof of original ownership, including digital receipts for purchases made on the account.

Does anyone know how to escalate this to a live support agent or a specific account protection team? The automated bot keeps closing my case because it sees the "new" 2FA as legitimate.

Any help would be greatly appreciated!

Outlook | Web | Outlook.com | Account management, security, and privacy

2 answers

  1. Darhyl Amizola 40,995 Reputation points Independent Advisor
    2026-04-06T18:51:04.8166667+00:00

    Hey there! Nice to meet you!

    I'm sorry you are experiencing this.

    Since the security info has been replaced and the 2FA has been enabled by the hacker, I'm afraid there is no other working method to recover the Microsoft account, and Microsoft Support cannot help either.

    Thank you for your understanding.

    Best regards,

    Darhyl


  2. Q&A Assist
    2026-04-06T18:15:45.31+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    The described symptoms match a fully compromised consumer Microsoft account where the attacker has changed both the password and the security/2FA info. In this state, only the official automated recovery paths can be used; if those fail, there is no supported escalation path that can override them, even for 2FA-protected accounts.

    Actionable steps based on supported guidance:

    1. Use the official hacked/compromised account flow
      • Start with the hacked-account helper, which routes to the correct recovery options and support entry points: Start.
      • This tool will either present self-service recovery or options to contact support, depending on region and account type.
    2. Complete the account recovery form as thoroughly as possible
      • The ACSR form is the only way to prove ownership once the attacker has replaced security info. Moderator guidance confirms that when security info (email/phone/2FA) has been changed, recovery is entirely dependent on this automated process.
      • Use a familiar device and network and provide every detail available (old passwords, contacts, subject lines, purchase details, etc.).
      • If a submission is rejected, it can be updated and resubmitted (up to a limited number of times per day). If the form continues to fail, the account is treated as unrecoverable.
    3. Understand the 2FA limitation
      • When 2FA is enabled and the attacker controls the second factor, support agents are not allowed to bypass or disable it for consumer accounts. Moderator answers explicitly state that if the hacker has replaced the security info and the recovery form fails, there is no other working method and Microsoft Support cannot override the automated decision.
    4. If recovery ultimately fails
      • If the recovery form and hacked-account helper do not restore access, the account (and associated services such as Outlook.com and gaming entitlements) is considered unrecoverable under current policies.
      • In that case, the only remaining steps are:
        • Create a new Microsoft account.
        • Secure all devices (full malware/antivirus scans, OS security updates) to prevent repeat compromise, as outlined in the hacked-account guidance.
        • Notify contacts from another account that the old address is compromised and should be treated as unsafe.

    There is no supported method to “escalate past” the automated 2FA and recovery checks to a special team that can manually override ownership when those systems treat the attacker’s 2FA as valid.

