Outlook users report suspicious activity from Microsoft IP

Strange things are brewing in the Microsoft email world with several users reporting unusual login notifications for their Outlook accounts.

While an email about unusual login activity should always be treated with suspicion, the problem here is that the IP address responsible appears to belong to Microsoft itself.

The messages, according to users, also appear in the unusual activity section of the company’s email website, ruling out a phishing attack. Some confirm that an automatic synchronization has occurred.

Microsoft’s support forums are full of confused and slightly concerned customers asking about the notifications, which look like someone at Microsoft, or some miscreant with access to one of the company’s endpoints, trying to access their mailbox. Users have wisely changed their passwords, but still sometimes see a successful sync among failed login attempts.

Even switching to two-factor authentication doesn’t seem to stop “unusual activity”.

As with many email providers, Microsoft triggers an unusual activity email or text message when it detects a sign-in attempt from a new location or device. Sometimes they can be completely legitimate; for example, connecting to webmail from abroad or adding a new mobile phone. Other times, they can be an indicator of nefarious activity.

Sometimes Microsoft ups the ante and blocks the user’s login to protect an account.

Register readers got in touch to complain about the situation, with one saying, “It’s been going on for a few days now, me and my wife affected.”

Our reader went on to speculate that maybe there were bad actors using Azure (hence the Redmond IPs) to break into accounts, or maybe it was all just a mistake by one of Microsoft’s administrators. We asked the company to clarify, but a few days later it still hasn’t responded.

In the absence of an explanation from the Windows giant, The Register asked a tame computer scientist for his opinion on the nature of the problem. He joked, “Let’s start by observing that Microsoft deems ITSELF suspicious. I call that progress!”

He went on to suggest that aside from something bad in the single sign-on service, perhaps the bad guys were reusing passwords from various disclosure lists “and had a deep enough irony streak to use Azure for breaches”.

Microsoft has been equally reticent on its own support forums, with a handful of employee comments interspersed among the complaints suggesting that users change their password, enable two-factor authentication, or simply sign out of their Microsoft account on all devices.

That might be a solution if only one or two users were having difficulty, but the problem seems to affect a large number of Outlook.com customers.

One user noted, “Microsoft really needs to fix this, at the very least to confirm that this ‘unusual login activity’ (as they detected themselves and urgently alerted users to their account) is NOT an ‘account intrusion/compromise’ situation and possibly just an MS internal system issue OR, if this is a more serious issue, what steps will need to be taken to resolve.”

You would have to agree. The company’s relative silence on the matter is perhaps more concerning than the incident itself. If Microsoft responds with an explanation, we’ll update this article accordingly.

Another user said, “I would like to know why an IP address belonging to Microsoft is syncing with my Microsoft account, why it is marked as ‘suspicious’ and why it was able to sync successfully at least once before.” ®
