Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

35 comments on “Why Do I See Lots of Failed Login Attempts on My Account?”

  1. I got caught with this the other night to the point that it kept me up till early in the morning changing my passwords etc thinking someone was trying to get some info about something personal Until I worked out that the places from around the world I was getting attacked from were actually my other email sites that I had given permission to collect my outlook email from, so I could read outlooks email from a different Mail site like YandexMail from Russia if I wanted to , & that the false Logins were because I had changed my password on outlook earlier which caused false logins..
    And as soon as I went to Yandex for example & changed the password for the email address That it then stopped & I was able to go to bed.
    So I would suggest anyone else to think of any other websites or Email sites that have been given permission to collect or check their email from.
    AnyWay I think this may help someone as it helped me.

    Reply
  2. I was surprised as well to find the recent activity option in Outlook.com. Gmail is my main email and I let it collect mail from Outlook. My activity shows a successful sign-in about every hour, presumably from Gmail.

    Reply
  3. I’m in a difficult situation. I made the mistake of blowing the whistle on a fellow employee who did something illegal amongst other unethical things. Instead of investigating him, my boss has me under investigation and is trying to establish grounds for termination. When the investigation started (4 months ago), I suddenly noticed a series of failed attempts to login to my personal email account. The attempts stopped when the investigation ended. I was cleared of his false complaints, but he has kept me under his own investigation and has been harassing me. I just got demoted, the guy I reported was promoted and now I’m under investigation by HR, again, and the failed login attempts have started again. Is there anything I can do about this? They appear to be using TOR servers when trying to access my email. I’ve been trying to ride this out, but I’m at my wits end.

    Reply
    • Gary, it has been so long since you posted your concern about you blowing the wistle on someone but I would like for you as well as anyone else reading your comment to know; it is illegal for someone to retaliate against a person for blowing the whistle. You could seek legal assistance for this problem. There are attorneys that have free consultations. I would suggest you take that step because people that think they are above the law will continue to retaliate unless they are stopped through the legal process.

      Reply
  4. I’ve just checked my “recent activity” in outlook and have discovered multiple SUCCESSFUL login attempts from my home country (I’v.e been overseas of more than 2yrs). I’ve changed passwords on critical accounts. But I am freaking out. I’m not in the same position as Jason above – I haven’t given permission to any other sites to access my Hotmail account. How do I find out who has been hacking my account – I have the IP address and approximate location from the “recent activity” details. What else can I do??

    Reply
    • To the best of my knowledge you cannot find out who. Perhaps with lawyers and a court order – if there’s sufficient reason to involve them – but as an individual that information is simply not made available.

      Reply
  5. I checked the Recent Activity on my outlook.com email account. Wow! Every half hour I see someone is unsuccessful in trying to log into my account: I’m happy to say that they don’t have the right password. Just to be careful, I changed it tonight. A strange thing is that the IP address associated with this unsuccessful log in is my own IP address; this is too strange. It is as though I am trying to sign in to outlook every half hour and using an incorrect password. I now use a wildly random 15-character password generated with LastPass (a really great password management program) so I feel pretty secure thinking that they won’t ever gain the password. However, it is very upsetting to think that someone is continuing to try to get into my account. I’ll consider two-factor verification to be more secure. I wish Microsoft would step forward and offer to track down the individuals who are behind this mischief.

    Reply
    • If it’s coming from your own IP address then it’s more likely some program that you’ve configured with your Microsoft account and forgotten about. Nothing mischievous about it at all.

      Reply
  6. I’m seeing successful sign ins from hub cities almost every day this month. I just discovered this last night. Mostly in Chicago, Atlanta, and Kansas City. I have used Copy.com to transfer some audio files to a client. Could this be what is doing this?

    I changed my password yesterday and noticed another successful sign in this morning. Is this something related to iCloud? If it were a hacker, wouldn’t it show an unsuccessful password attempt since I have now changed my password?

    Thanks!

    Reply
  7. How far back does activity go? I can’t get to it yet because I need to send a code to my other account to view it, but I know my account has been hacked and wondered how far the data goes – 2 months? Or recent, recent?

    I also know this because 7 days ago my account changed to the Outlook Web Access without any prompt and without a tutorial!! I didn’t do this, so it must be someone accessing the account. Very worried! I also don’t have 360 on my account so can only imagine this has been linked by an exchange account or business account (as it says I have in my settings!) but don’t! Please help.

    Reply
  8. My boyfriend tried to open his hotmail while on my computer about 3 weeks ago but because we were in Asia, hotmail would not open. He just wrote me today that he has received about 10 emails about failed attempts to open his account and the one he just forwarded to me gives my IP address. I had not cleared the cookies from my computer (but now have) but I have a strong anti-virus. For some reason sometimes MSN’s homepage opens automatically and sometimes I do read the articles. I thought maybe the MSN homepage was trying to open hotmail and hence his account. However the timing of the message from today does not match my history for MSN today. Could this be a virus? I certainly look bad as it looks like I am trying to hack his email. I am using a hotel wifi system where the room number and name have to be input.

    Reply
    • These are cookies at work. They are supposed to make life easier. Some sites don’t have an option to “remember password” it just does it.
      When signing into ANYTHING that’s not my own pc, I always use ctrl+shift+p to open a private browsing window. This won’t store any cookies from my session.
      Had your bf done this, there would be no issue. Facebook is known to operate on this level as does Google/YouTube. Mostly for sale of voting as their content spreads wide and has integration with many websites for comments.

      Reply
  9. I’ve got a king size pain in the behind trying to get into my personal BT email address, as the amount of times I’ve had to change my password this past fortnight has been crazy, but mostly annoying. I’ve even got onto British Telecom about it too, to which the only thing they’ve advised me to do is change my security question too. That which I did last night, but trying to log into my email two minutes ago, it’s stated you’ve had too many attempts, please try again after 15 minutes. With the phone call I had with BT the other day too, I clarified as to whether you’re allowed 3 attempts to login to your email, which they said, “Yes”. But it was only one attempt I did two minutes to log into my email account, and it chucked the, “Please try after 15 minutes”, so it’s plain to see some plank is trying to get into my emails. How do I stop this altogether?????

    Reply
  10. I’ve noticed in the past 2 weeks someone has been trying to get onto my Gmail acct. Every few minutes someone tries to get in it and each time the phone tells me that the login in is unsuccessful. Should I be concerned? What can I do to prevent them from getting in? I already have a long password which is why they’re not sucessful in getting in. Please advise as I’m afraid the will eventually get in and steal my personal information, thank you.

    Reply
  11. I just checked one of my Outlook.com accounts, out of curiosity. Zero unlawful attempts. Only my Microsoft Outlook program regularly retrieving email by POP.

    Microsoft’s security pages seem rather well designed.

    Is it true, as they say, that in order to use a FIDO2 hardware key to authenticate into your account, you need to use Windows 10 and Edge ? This looks to me as a way to reduce users’ security, not enhance it…

    Reply
      • Geoblocking will depend on the security settings of the specific service. One service that does support this is LastPass. I use this to lock down access to LastPass to only from my current country. The only problem is that if you travel you need to remember to open up access from the countries that you will be visiting, or have a VPN service to take you back to your home country.

        Reply
  12. Every time I log into account activity, I see loads of regular activity that I easily Identify as my own. Then I see one or two unsuccessful attempts from places like India or the Ukraine. But once I’ve fully expanded all the activity it jumps to like 10-15 attempts from other countries places like Indonesia, Russia, Thailand and quite a few others. A few have attempted to hide their IP using a VPN. It always tells me “don’t worry, this was an unsuccessful attempt”. Which makes me worry even more, because the activity doesn’t fall off even after I said it wasn’t me. I get that Identity thieves are always trying to steal from people, but I feel that Microsoft could and should put some more effort into their own security. Also newsflash to anyone thinking an authenticator will fully protect you, if you get a keylogger on your computer or phone, it can render them effectively useless after a few uses.

    Reply
  13. I have been hacked on my windows live email account and when I look at the recent activity there is loads of failed attempts from several country IPs but I know for a fact that they got into my email, now the problem is that I want to change my password in Live (It is already 2 factor auth.) but when I change it it says that it can’t be done at this time because there has been too many failed logins recorded and to try at a later time. Is there a way to change my password quicker? TIA -Sean

    Reply
  14. My problem is that my backup email is getting security codes multiple times to reset the password. Worrying part is that the Microsoft account doesn’t show the full backup email. So someone find out that backup email address and is trying to reset my password..

    Reply
  15. Hello, I found your article by searching some information about securing my accounts. Beginning of this year I decided to go a step forward, use 2FA and so on. I see also lot of failing attempts for my e-mail account that I use daily, but none of them was successful.

    I think it began when one of my friends was indeed hacked, they got his contact list and I’m in it too :) So now, my e-mail is under attack. And using 2FA can be disturbing… Yesterday for example I received a notification in Microsoft Authenticator that someone tries to connect from another country.

    But I had a strange behavior these days. One of my accounts that I also secured was locked. I changed the password the day before and it’s pretty complex. This e-mail was never given to anybody, just for example the bank or my company. And I don’t register on websites with it. But I received an alert of suspicious activity… Saying that someone has the password. Now, the fun fact is that I unlocked the account (using my phone as a proof) and went to the activity log. And here, no suspicious activity, only my successful login from my own IP. How that’s possible? Does the activity log is not showing everything?

    Maybe the only thing that I remember, as I changed the password, is that Windows Mail on my PC complained about it two hours before the alert, and I had to approve using Microsoft Authenticator. I don’t get it. Even if someone got my password, since I activated 2FA I had to get a notification right? I scanned my PC for malware, nothing. I am thinking this may be a false positive because there is absolutely nothing suspicious in activity log.

    What do you think?

    Thanks.

    Reply
  16. I have NO Card or money attached to any account any where. Yet my Microsoft account has been tried to be hacked over and over. What is it these hackers are wanting? Poor people have never had money. Why are they convinced my name is a rich person name? I only know this cause another time of being hacked this was a reason I was given.

    Reply
  17. Message came up on messaging from Amazon and I believe it’s probably a scam. (АМАZON•АLЕRТ) Your account has been placed on hold due to too many unsuccessful sign in attempts. To resolve, see [link removed] didn’t click on that cuz I know it’s probably a scam and if you clicked on it your personal info would be stolen.

    Reply
    • That’s a common kind of phishing attack, sending out a message that you need to log in to recover your account. That would send you to a fake login page where you would enter your login credentials, (username and password) and they would have access to your account. In addition to being vigilant, two-factor authentication would keep them out even if they got your credentials.
      I removed the link because it would send people to the phishing page.
      The website obviously wasn’t an Amazon website even though it had Amazon as part of the email address.

      Reply
  18. My husband has been locked out of his Microsoft surface computer. He used it around 5pm and then when he came back to the computer later in the evening he was unable to get in. His IT guy said the only way this could happen is if some one tried unsuccessfully to login to the computer. Nobody had access to his computer. How does this happen. Thanks

    Reply
  19. If someone sees a lot of unsuccessful sign in attempts on their Microsoft account, they could add an alias to their account and make it the primary sign in for their account without actually having to change their email address.
    Just sign into your Microsoft account, go to Your Info. On the next page, under Account Info, select “Edit Account Info”. Under “Manage how you sign in to Microsoft”, users can add an alias to their account and make it the primary for signing in.
    Hackers often get their information via data breaches and try the email addresses to sign in on Microsoft and other sites. Using an alias can block those attempts without having to change the actual email address.
    I did this for an individual who used a Hotmail address for email and signing in. I added an alias using Outlook.com and made it the primary for signing in. His email addressed to “xxx.hotmail.com” still goes through because I didn’t delete that alias, but his unsuccessful sign in attempts have gone from dozens per day to zero.

    Reply
  20. Interestingly, I see no unsuccessful log-in attempts on my Microsoft account (I checked). First, I went passwordless as soon as the feature became available. Next, I use Windows Hello to sign in to Windows. Finally, I have 2FA enabled on my Microsoft account, so when I sign in, I have to use my phone to authenticate (for the first time) on any single device/OS/browser.

    I do see a large collection of successful logins. I took the time to go through all of them, and they’re all from me (I change/re-install GNU/Linux frequently – I’ve been looking for the ideal distribution for me, recently). Based on the evidence I see, I must be doing something right, at least with my Microsoft account.

    The following may be taking this discussion a bit off-topic, but I consider checking login attempts on my Microsoft account to be very closely associated with my overall security posture. Generally speaking, I take System/Internet security very seriously, while at the same time, I don’t let the black-hat-hackers (crackers) frighten me. I use a password manager to make it possible for me to use long, strong, unique passwords for all of my Internet accounts (Social services, Banking, Email, etc.), not just the important ones. I enable 2FA for all of my Internet accounts that support it, and for any I find that don’t, I carefully consider whether I want to use that service/create that account (newsletter sites exempted). In all cases to date, I don’t. I figure that if the site doesn’t care enough about my security to offer 2FA, I don’t need to use them for that service (I can usually find another provider that will offer 2FA). As passkeys become available, I intend to use them wherever I can, on all my computers/OS installations, because they’ll be even more secure than what I have enabled now.

    My2Cents (I hope this helps others),

    Ernie (Oldster)

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.