
Microsoft Account Recovery: Email changed to @autosecure.cy and 2FA bypassed

Lisa Pince 0 Reputation points
2026-04-06T18:21:48.8966667+00:00

I am posting this from a secondary account because my main Microsoft account has been hijacked, and I am stuck in a loop with the automated recovery tools. I am hoping someone here or a moderator can point me in the right direction.

The Incident: Beaming and autosecure.cy

Yesterday, I was suddenly signed out of all my sessions. When I tried to log back in, my password had been changed. I attempted a standard password reset, but the recovery options have been completely altered.

The system is now asking to send a verification code to an email address I do not recognize: [moderator note: PII removed]@autosecure.cy.

I have never used this autosecure domain. After doing some research, it seems this is a common tactic used by hackers to beam accounts. They use the .cy (Cyprus) domain to host their own mail servers, making it look like an official security address to confuse the victim and bypass security filters.

The Problem with Recovery

I have already tried the following, but nothing is working:

  • The Account Recovery Form (ACSR): I provided my original account info, previous passwords, and billing details. However, I immediately received an automated response stating that because Two-Step Verification (2FA) is active, Microsoft ignores the recovery request.
  • The 2FA Loop: The hacker has enabled their own 2FA using that @autosecure.cy address. Since the system sees 2FA as on, it won't allow me to prove my identity through the manual form, even though the hacker was the one who turned it on.

Seeking Escalation

I have years of purchase history, Xbox achievements, and original security info that proves the account is mine.

  1. Does anyone know how to get in touch with a live support agent who can flag this autosecure.cy domain?
  2. Is there a specific compromised account team that handles cases where 2FA was added by a hacker?

If you see autosecure.cy on your account recovery screen, be careful—it is a major red flag that your session tokens were stolen. Any advice on how to get past the automated bot would be life-saving.

Outlook | Web | Outlook.com | Account management, security, and privacy

2 answers

  1. Victor1-V 7,400 Reputation points Microsoft External Staff Moderator
    2026-04-07T08:37:27.3533333+00:00

    Hello Lisa Pince,

    I understand how worrying this situation is, especially when your Microsoft account email was changed and two‑step verification appears to have been bypassed.

    I can see there is already a Q&A Assist answer in the thread, and its overall direction is appropriate for an account-compromise scenario. I would like to add a couple of clarifications.

    First of all, please note that this is a user-to-user forum. Moderators and contributors (including external Microsoft employees) cannot access back-end account systems or reverse account/security changes. When all security information has been changed and two-step verification is enabled without your access to the verification methods, the automated recovery options (including forms) may not be able to validate ownership. In that situation, the remaining step is to contact Microsoft Support so the case can be reviewed through the official channel.

    Please follow the steps below to reach a live chat agent:

    1. Visit the Microsoft Support contact page: Contact - Microsoft Support

    2. In the search bar provided on the page, type "Account recovery" and press Enter.

    3. Click on the "Get Help" button that appears.

    4. Scroll down the page until you see and click on the "Contact Support" option.

    5. When prompted to select your product or service, choose "Other Products".

    6. For the category, choose "Manage account security".

    7. Look for and click on "Chat with a support agent in your web browser".

    8. Confirm your personal email when prompted - this is the email Microsoft will use to communicate with you during and after the support session.

    9. When connected, clearly explain your situation. Be concise but include all relevant details.

    I hope this points you to the correct channel for further review and assistance.


  2. Q&A Assist
    2026-04-06T18:22:09.6633333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    For a hijacked Microsoft account where the email and 2FA have been changed by an attacker, only the official, automated recovery and compromised-account flows are available; support agents cannot bypass 2FA or manually override ownership for consumer accounts.

    Actionable steps based on the current state:

    1. Follow the hacked/compromised account process
    • Use the official guidance for compromised accounts: How to recover a hacked or compromised Microsoft account.
    • Key steps from that guidance:
      • Ensure all devices previously used with the account are clean (full antivirus/malware scan, or reset if needed) before attempting recovery.
      • Then attempt to sign in and either change the password or, if sign-in fails, use the password reset flow.
    2. If password reset and normal verification fail
    • When the attacker has changed security info and 2FA, the only remaining path is the account recovery form.
    • Read and follow all details in Help with the Microsoft account recovery form carefully, then submit the form again using the dedicated recovery link from that article.
    • Recommendations from similar compromised-account cases:
      • Use a device and location previously used to sign in to the account.
      • Provide as much historical detail as possible (old passwords, subject lines of emails sent, contacts, purchase details, etc.).
      • If a submission fails or times out, try again from a different device/browser or an InPrivate/Incognito window and a different network.
    3. Hard limitation when 2FA is enabled and security info is replaced
    • If two-step verification is turned on and none of the current security methods (phone/email/app) are accessible, support agents are not allowed to reset the password or change account details. This is explicitly called out in the recovery-form guidance:
      • When 2FA is on and no verification method is available, the system cannot be overridden by support.
    • In similar Q&A cases where a hacker has replaced all security info (email, phone, authenticator) and the recovery form cannot validate enough data, the account is effectively unrecoverable.
    4. When security info is lost but password is still known (for others reading)
    • If the password is still known but some or all security info is lost, the documented path is:
      • Sign in and go to Advanced security options > Add a new way to sign in or verify, confirm it, then remove the compromised methods.
      • If all security info is lost, start sign-in, choose I don't have any of these, and follow the prompts; this triggers a 30‑day security-info replacement hold. During that period, the account may be restricted. Details are in Troubleshoot Microsoft verification code issues.
    5. About escalation and live agents
    • For consumer Microsoft accounts (Outlook.com/Hotmail/Xbox, etc.), there is no documented process where a live agent can bypass 2FA or manually “flag” a specific attacker domain and then restore access to an individual account.
    • Moderator guidance in similar cases confirms:
      • The account recovery form and hacked-account workflow are the only supported methods.
      • If the form repeatedly fails to verify ownership (especially after security info has been replaced by an attacker), the account cannot be recovered, and support cannot override this.
    6. Damage control if recovery fails
    • If recovery ultimately fails, recommended steps from similar compromised-account scenarios:
      • Inform contacts (from another email, messaging, or social channels) that the Microsoft account is compromised and to ignore messages, links, or attachments from it.
      • Secure all other accounts that might have used the same password or that were linked to this Microsoft account.
      • Continue to monitor other services (banking, social media, etc.) for suspicious activity.

    There is no separate “2FA override” or special compromised-account team for consumer accounts beyond the automated hacked-account and recovery-form processes already described in the official documentation.

