We’re all under constant attack.
Honestly, what you’re seeing doesn’t surprise me at all. Most people don’t realize that we are all under constant attack. Every account, every server, and every machine connected to the internet is subject to slow, persistent, and unrelenting aggression from hackers trying to go where they don’t belong.
But it’s also normal.
I have some suggestions for what you should do, but closing your account isn’t one of them.
Lots of failed login attempts?
It’s common to see failed login attempts from various locations around the globe. It’s due to constant cyberattacks targeting all online accounts. This doesn’t necessarily mean you’re at immediate risk, especially if these attempts are unsuccessful. Instead of closing your account, secure it with a strong, unique password. Add two-factor authentication for even more safety.
Recent activity in Outlook.com
Your Hotmail account is handled by Outlook.com and is a Microsoft account — also formerly known as a “Windows Live” account. As of this writing, information about recent activity is available via this URL:
https://account.live.com/Activity
You may be asked to confirm your identity with an extra step that involves re-entering your password or a code sent to a phone number or alternate email address on record.
Above is a snapshot of my Microsoft account’s recent activity. You’ll notice failed attempts from China, Russia, and Brazil. Note that each was an unsuccessful sign-in.[1]
These are just password probes. They’re just testing passwords that are known to be used elsewhere. All they need to know for this type of probe is my email address. Since they’ve failed, they don’t know the password, and thus it’s nothing to be concerned about.
Because I use two-factor authentication (2FA), even if they do know the password, they’ll be challenged by the 2FA, which will fail. However, that would indicate that they know my password, and I should change it.
The only time you need to secure an account as quickly as possible (see below for how) is when you see successful sign-ins that aren’t you. A string of unsuccessful sign-in entries — failed login attempts — is the system working as it should: hackers and others are being denied access to your account.
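The triage rule described above, written out as an added example (not code from the original article or from Microsoft). The event labels, the record layout and the addresses are constructed for illustration, and the "failed sign-in from your own address" case follows the stale-app explanation given in the reader comments further down.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Networks the account owner recognises (assumption): the home connection and
# a mail service that was authorised to collect mail from this account.
KNOWN_NETWORKS = [ip_network("192.0.2.0/24"), ip_network("198.51.100.16/28")]

# Verdicts ordered from least to most urgent.
SEVERITY = ["OK", "IGNORE", "CHECK_APPS", "CHANGE_PASSWORD", "SECURE_NOW"]


@dataclass(frozen=True)
class Event:
    when: str   # timestamp as shown in the activity list
    kind: str   # constructed labels: "unsuccessful", "successful", "second_factor_failed"
    ip: str


def is_known(ip, networks=KNOWN_NETWORKS):
    """True when the address belongs to a network the owner recognises."""
    addr = ip_address(ip)
    return any(addr in net for net in networks)


def triage(event, networks=KNOWN_NETWORKS):
    """Map one recent-activity entry to the action the article recommends."""
    known = is_known(event.ip, networks)
    if event.kind == "successful":
        # A successful sign-in that is not you is the only urgent case.
        return "OK" if known else "SECURE_NOW"
    if event.kind == "second_factor_failed":
        # Password was accepted but 2FA stopped them: the password is known.
        return "OK" if known else "CHANGE_PASSWORD"
    if event.kind == "unsuccessful":
        # From a stranger this is a password probe; from your own address it
        # is usually an app or sync service still holding an old password.
        return "CHECK_APPS" if known else "IGNORE"
    raise ValueError(f"unknown event kind: {event.kind!r}")


def worst(events, networks=KNOWN_NETWORKS):
    """Most urgent verdict across a list of entries ("OK" if the list is empty)."""
    return max((triage(e, networks) for e in events),
               key=SEVERITY.index, default="OK")


# Constructed sample entries (documentation-range addresses, not real data).
SAMPLE = [
    Event("2024-01-05T02:11Z", "unsuccessful", "203.0.113.7"),
    Event("2024-01-05T02:30Z", "unsuccessful", "192.0.2.44"),
    Event("2024-01-05T03:00Z", "successful", "198.51.100.20"),
    Event("2024-01-05T04:12Z", "second_factor_failed", "203.0.113.90"),
    Event("2024-01-05T05:40Z", "successful", "203.0.113.200"),
]

if __name__ == "__main__":
    for e in SAMPLE:
        print(e.when, e.kind, e.ip, "->", triage(e))
    print("overall:", worst(SAMPLE))
```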
We are all under constant attack
All our accounts, computers, servers, and connected devices are under constant attack. Attacks may be slow or fast, targeted at specific accounts, or just trying things randomly, but they are never-ending.
Hackers, bots, and who knows what else try to access any account by any means they can find. They’re typically unsuccessful, but it only takes once to get hacked. From their perspective, even if they trigger millions of automated attempts and get into only one account, they’re successful.
Secure your account
The single most important thing you can do is secure your account with a good and unique password — the longer and more random the better. Ideally, use a password manager like 1Password, which enables you to easily choose passwords so random there’s no way to remember them.
And never, ever use the same password on more than one site. Very often these automated hacking attempts are hackers exploiting data they found somewhere else. Perhaps a different account or service has been hacked, and they’re trying the password they found there at every other account they can think of that might be related.
That approach can be surprisingly successful if you re-use passwords.
Consider two-factor authentication
I strongly suggest two-factor authentication for any account you consider to be sensitive. With 2FA, hackers can have your password and still not get in because they can’t prove possession of the second factor.
Here’s one example of 2FA: to log in to my Outlook.com account, I need a number generated by an application on my smartphone.[2] It proves I am in possession of my second factor: my smartphone. Even if a hacker gets my password, they still can’t log in, because they don’t have that second factor. (Even better, I recently changed my Microsoft account to be passwordless so the hackers are simply banging away at something that could never possibly work.)
Do this
Even if you’re seeing lots of failed login attempts, it’s nothing to be truly concerned about. The failed login attempts indicate that the system is working as it should.
It’s just a reminder of how important password and account security is.
Footnotes & References
1: “Automated Sync” is documented as “When you connect your Microsoft account to an app or service that manages emails, it needs to sign in as you. You can expect to see the same automatic sync activity at regular time intervals.”
2: Technically, only the first time I log in to a new machine, should I so choose. After that, the machine can be “trusted”. For hackers, every time is the first time.
I got caught with this the other night, to the point that it kept me up till early in the morning changing my passwords etc., thinking someone was trying to get some info about something personal, until I worked out that the places from around the world I was getting attacked from were actually my other email sites that I had given permission to collect my Outlook email from, so I could read Outlook’s email from a different mail site like YandexMail from Russia if I wanted to, and that the false logins were because I had changed my password on Outlook earlier, which caused false logins.
And as soon as I went to Yandex, for example, and changed the password for the email address, it then stopped and I was able to go to bed.
So I would suggest anyone else think of any other websites or email sites that have been given permission to collect or check their email from.
Anyway, I think this may help someone as it helped me.
I was surprised as well to find the recent activity option in Outlook.com. Gmail is my main email and I let it collect mail from Outlook. My activity shows a successful sign-in about every hour, presumably from Gmail.
I’m in a difficult situation. I made the mistake of blowing the whistle on a fellow employee who did something illegal amongst other unethical things. Instead of investigating him, my boss has me under investigation and is trying to establish grounds for termination. When the investigation started (4 months ago), I suddenly noticed a series of failed attempts to login to my personal email account. The attempts stopped when the investigation ended. I was cleared of his false complaints, but he has kept me under his own investigation and has been harassing me. I just got demoted, the guy I reported was promoted and now I’m under investigation by HR, again, and the failed login attempts have started again. Is there anything I can do about this? They appear to be using TOR servers when trying to access my email. I’ve been trying to ride this out, but I’m at my wits end.
Gary, it has been so long since you posted your concern about you blowing the whistle on someone, but I would like for you as well as anyone else reading your comment to know: it is illegal for someone to retaliate against a person for blowing the whistle. You could seek legal assistance for this problem. There are attorneys that have free consultations. I would suggest you take that step because people that think they are above the law will continue to retaliate unless they are stopped through the legal process.
I’ve just checked my “recent activity” in Outlook and have discovered multiple SUCCESSFUL login attempts from my home country (I’ve been overseas for more than 2 yrs). I’ve changed passwords on critical accounts. But I am freaking out. I’m not in the same position as Jason above – I haven’t given permission to any other sites to access my Hotmail account. How do I find out who has been hacking my account – I have the IP address and approximate location from the “recent activity” details. What else can I do??
To the best of my knowledge you cannot find out who. Perhaps with lawyers and a court order – if there’s sufficient reason to involve them – but as an individual that information is simply not made available.
I checked the Recent Activity on my outlook.com email account. Wow! Every half hour I see someone is unsuccessful in trying to log into my account: I’m happy to say that they don’t have the right password. Just to be careful, I changed it tonight. A strange thing is that the IP address associated with this unsuccessful log in is my own IP address; this is too strange. It is as though I am trying to sign in to outlook every half hour and using an incorrect password. I now use a wildly random 15-character password generated with LastPass (a really great password management program) so I feel pretty secure thinking that they won’t ever gain the password. However, it is very upsetting to think that someone is continuing to try to get into my account. I’ll consider two-factor verification to be more secure. I wish Microsoft would step forward and offer to track down the individuals who are behind this mischief.
If it’s coming from your own IP address then it’s more likely some program that you’ve configured with your Microsoft account and forgotten about. Nothing mischievous about it at all.
I’m seeing successful sign ins from hub cities almost every day this month. I just discovered this last night. Mostly in Chicago, Atlanta, and Kansas City. I have used Copy.com to transfer some audio files to a client. Could this be what is doing this?
I changed my password yesterday and noticed another successful sign in this morning. Is this something related to iCloud? If it were a hacker, wouldn’t it show an unsuccessful password attempt since I have now changed my password?
Thanks!
How far back does activity go? I can’t get to it yet because I need to send a code to my other account to view it, but I know my account has been hacked and wondered how far the data goes – 2 months? Or recent, recent?
I also know this because 7 days ago my account changed to the Outlook Web Access without any prompt and without a tutorial!! I didn’t do this, so it must be someone accessing the account. Very worried! I also don’t have 360 on my account so can only imagine this has been linked by an exchange account or business account (as it says I have in my settings!) but don’t! Please help.
My boyfriend tried to open his hotmail while on my computer about 3 weeks ago but because we were in Asia, hotmail would not open. He just wrote me today that he has received about 10 emails about failed attempts to open his account and the one he just forwarded to me gives my IP address. I had not cleared the cookies from my computer (but now have) but I have a strong anti-virus. For some reason sometimes MSN’s homepage opens automatically and sometimes I do read the articles. I thought maybe the MSN homepage was trying to open hotmail and hence his account. However the timing of the message from today does not match my history for MSN today. Could this be a virus? I certainly look bad as it looks like I am trying to hack his email. I am using a hotel wifi system where the room number and name have to be input.
These are cookies at work. They are supposed to make life easier. Some sites don’t have an option to “remember password” it just does it.
When signing into ANYTHING that’s not my own pc, I always use ctrl+shift+p to open a private browsing window. This won’t store any cookies from my session.
Had your bf done this, there would be no issue. Facebook is known to operate on this level as does Google/YouTube. Mostly for sale of voting as their content spreads wide and has integration with many websites for comments.
I’ve got a king size pain in the behind trying to get into my personal BT email address, as the amount of times I’ve had to change my password this past fortnight has been crazy, but mostly annoying. I’ve even got onto British Telecom about it too, to which the only thing they’ve advised me to do is change my security question too. That which I did last night, but trying to log into my email two minutes ago, it’s stated you’ve had too many attempts, please try again after 15 minutes. With the phone call I had with BT the other day too, I clarified as to whether you’re allowed 3 attempts to login to your email, which they said, “Yes”. But it was only one attempt I did two minutes to log into my email account, and it chucked the, “Please try after 15 minutes”, so it’s plain to see some plank is trying to get into my emails. How do I stop this altogether?????
I’ve noticed in the past 2 weeks someone has been trying to get onto my Gmail acct. Every few minutes someone tries to get in it and each time the phone tells me that the login is unsuccessful. Should I be concerned? What can I do to prevent them from getting in? I already have a long password, which is why they’re not successful in getting in. Please advise as I’m afraid they will eventually get in and steal my personal information, thank you.
You could set up an extra level of security with two factor authentication. More in this article: https://askleo.com/two-factor-authentication-keeps-the-hackers-out/
You could add two-factor authentication to the account. But having a strong password is your first, best defense.
I just checked one of my Outlook.com accounts, out of curiosity. Zero unlawful attempts. Only my Microsoft Outlook program regularly retrieving email by POP.
Microsoft’s security pages seem rather well designed.
Is it true, as they say, that in order to use a FIDO2 hardware key to authenticate into your account, you need to use Windows 10 and Edge? This looks to me as a way to reduce users’ security, not enhance it…
Hi there
Do you know of a way to geoblock those sign-in requests?
Regards
Will
Nope.
Geoblocking will depend on the security settings of the specific service. One service that does support this is LastPass. I use this to lock down access to LastPass to only from my current country. The only problem is that if you travel you need to remember to open up access from the countries that you will be visiting, or have a VPN service to take you back to your home country.
Every time I log into account activity, I see loads of regular activity that I easily identify as my own. Then I see one or two unsuccessful attempts from places like India or the Ukraine. But once I’ve fully expanded all the activity it jumps to like 10-15 attempts from other countries, places like Indonesia, Russia, Thailand and quite a few others. A few have attempted to hide their IP using a VPN. It always tells me “don’t worry, this was an unsuccessful attempt”. Which makes me worry even more, because the activity doesn’t fall off even after I said it wasn’t me. I get that identity thieves are always trying to steal from people, but I feel that Microsoft could and should put some more effort into their own security. Also newsflash to anyone thinking an authenticator will fully protect you, if you get a keylogger on your computer or phone, it can render them effectively useless after a few uses.
Microsoft and other account providers are doing a good job. As long as you have a good password and preferably two factor authorization you should be safe. It’s not possible to prevent people from trying to get in, but good security practices make it impossible for them to succeed.
I have been hacked on my Windows Live email account, and when I look at the recent activity there are loads of failed attempts from several country IPs, but I know for a fact that they got into my email. Now the problem is that I want to change my password in Live (it is already 2 factor auth.), but when I change it, it says that it can’t be done at this time because there have been too many failed logins recorded and to try at a later time. Is there a way to change my password quicker? TIA -Sean
Not that I’m aware of.
My problem is that my backup email is getting security codes multiple times to reset the password. Worrying part is that the Microsoft account doesn’t show the full backup email. So someone found out that backup email address and is trying to reset my password.
Hello, I found your article by searching some information about securing my accounts. Beginning of this year I decided to go a step forward, use 2FA and so on. I see also lot of failing attempts for my e-mail account that I use daily, but none of them was successful.
I think it began when one of my friends was indeed hacked, they got his contact list and I’m in it too :) So now, my e-mail is under attack. And using 2FA can be disturbing… Yesterday for example I received a notification in Microsoft Authenticator that someone tries to connect from another country.
But I had a strange behavior these days. One of my accounts that I also secured was locked. I changed the password the day before and it’s pretty complex. This e-mail was never given to anybody, just for example the bank or my company. And I don’t register on websites with it. But I received an alert of suspicious activity… Saying that someone has the password. Now, the fun fact is that I unlocked the account (using my phone as a proof) and went to the activity log. And here, no suspicious activity, only my successful login from my own IP. How is that possible? Is the activity log not showing everything?
Maybe the only thing that I remember, as I changed the password, is that Windows Mail on my PC complained about it two hours before the alert, and I had to approve using Microsoft Authenticator. I don’t get it. Even if someone got my password, since I activated 2FA I had to get a notification right? I scanned my PC for malware, nothing. I am thinking this may be a false positive because there is absolutely nothing suspicious in activity log.
What do you think?
Thanks.
Not sure what to say. I would continue to keep an eye on things, and good on you for using 2FA.
I have NO Card or money attached to any account any where. Yet my Microsoft account has been tried to be hacked over and over. What is it these hackers are wanting? Poor people have never had money. Why are they convinced my name is a rich person name? I only know this cause another time of being hacked this was a reason I was given.
Hackers have no idea of their victims’ financial status until they’ve hacked the account. They use a machine gun approach and go after as many people as they can.
Message came up on messaging from Amazon and I believe it’s probably a scam. (АМАZON•АLЕRТ) Your account has been placed on hold due to too many unsuccessful sign in attempts. To resolve, see [link removed] didn’t click on that cuz I know it’s probably a scam and if you clicked on it your personal info would be stolen.
That’s a common kind of phishing attack, sending out a message that you need to log in to recover your account. That would send you to a fake login page where you would enter your login credentials, (username and password) and they would have access to your account. In addition to being vigilant, two-factor authentication would keep them out even if they got your credentials.
I removed the link because it would send people to the phishing page.
The website obviously wasn’t an Amazon website even though it had Amazon as part of the email address.
My husband has been locked out of his Microsoft Surface computer. He used it around 5pm and then when he came back to the computer later in the evening he was unable to get in. His IT guy said the only way this could happen is if someone tried unsuccessfully to log in to the computer. Nobody had access to his computer. How does this happen? Thanks
If you sign in with a Microsoft account, someone could have attempted to hack the account online. Presumably the block will lift in 24 hours.
If someone sees a lot of unsuccessful sign in attempts on their Microsoft account, they could add an alias to their account and make it the primary sign in for their account without actually having to change their email address.
Just sign into your Microsoft account, go to Your Info. On the next page, under Account Info, select “Edit Account Info”. Under “Manage how you sign in to Microsoft”, users can add an alias to their account and make it the primary for signing in.
Hackers often get their information via data breaches and try the email addresses to sign in on Microsoft and other sites. Using an alias can block those attempts without having to change the actual email address.
I did this for an individual who used a Hotmail address for email and signing in. I added an alias using Outlook.com and made it the primary for signing in. His email addressed to “xxx.hotmail.com” still goes through because I didn’t delete that alias, but his unsuccessful sign in attempts have gone from dozens per day to zero.
Interestingly, I see no unsuccessful log-in attempts on my Microsoft account (I checked). First, I went passwordless as soon as the feature became available. Next, I use Windows Hello to sign in to Windows. Finally, I have 2FA enabled on my Microsoft account, so when I sign in, I have to use my phone to authenticate (for the first time) on any single device/OS/browser.
I do see a large collection of successful logins. I took the time to go through all of them, and they’re all from me (I change/re-install GNU/Linux frequently – I’ve been looking for the ideal distribution for me, recently). Based on the evidence I see, I must be doing something right, at least with my Microsoft account.
The following may be taking this discussion a bit off-topic, but I consider checking login attempts on my Microsoft account to be very closely associated with my overall security posture. Generally speaking, I take System/Internet security very seriously, while at the same time, I don’t let the black-hat-hackers (crackers) frighten me. I use a password manager to make it possible for me to use long, strong, unique passwords for all of my Internet accounts (Social services, Banking, Email, etc.), not just the important ones. I enable 2FA for all of my Internet accounts that support it, and for any I find that don’t, I carefully consider whether I want to use that service/create that account (newsletter sites exempted). In all cases to date, I don’t. I figure that if the site doesn’t care enough about my security to offer 2FA, I don’t need to use them for that service (I can usually find another provider that will offer 2FA). As passkeys become available, I intend to use them wherever I can, on all my computers/OS installations, because they’ll be even more secure than what I have enabled now.
My2Cents (I hope this helps others),
Ernie (Oldster)