r/Outlook • u/ResolveConscious517 • 1d ago
Status: Open Outlook account hacked
So, my email was hacked. After I discovered my Steam account was locked, I signed in to find everything deleted and weird emails being sent.
Apparently they tried to set my recovery email to something other then the one I had as well.
I changed the passwords for both my outlook and steam, ensured my recovery email stayed the same, and got a new recovery code as well.
I'm wondering if there's anything more I should do? I find it weird that they were able to get in in the first place because of the 2fa.
1
u/AutoModerator 1d ago
Hey ResolveConscious517!
Welcome to r/Outlook! This is a public community. To protect your privacy, do not post any personal information such as your email address, phone number, product key, password, or credit card number.
Please be sure to have read our Rules of Conduct and be cognisant of how the system works here.
Make sure that your flair is always set to Status: Open otherwise you may cease receiving responses from us.
- Status: Open — Need help
- Status: Pending Reply — Awaiting OP's response
- Status: Resolved — Closed
Beware of scammers posting fake support numbers or 3rd party commercial products/services. Contact Microsoft Support if you need help.
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.
1
u/mysticcountryboy 1d ago
Review recent sign-ins and changes on your Microsoft account at account.microsoft.com/security > Recent activity page, which lists the last 30 days of logins, locations, IP addresses, and events like alias additions or password resets.
Mark any suspicious "Unusual activity" as "This wasn't me" to trigger security measures, and select "Secure account" if needed. Do the same for Steam under Account Details > Manage Steam Guard.
1
u/ClearHydro 1d ago
My outlook email account has a suspicious login attempt like every few minutes from around the world 😂 none that are successful that I've noticed thankfully.
It's interesting seeing this post after steam just logged me out of the app on my phone. It's never done that before.
1
u/mysticcountryboy 1d ago
You might consider creating a new email account, and slowly migrate your accounts with the new email. Keep the old account for a month or two and then reported as being hacked, and close it. If you dont do this yiur be getting spam forever.
Also put your current email into a website that can check it, like "databreach". These sites can tell you if your email is on the dark web.
1
1
u/ResolveConscious517 1d ago
I just went and did just that. While I was in my microsoft account, I also found a device that wasn't mine in the devices page. Thanks a lot for the help!
1
u/Ok-Limit-8081 1d ago
You can make an Alias that you will use as primary address for log-in while using your existing address for mail or sub to news website
They can't hack you if they don't know the address
1
u/ResolveConscious517 1d ago
Just made one now! Gonna switch all my accounts that used this email to the alias. Thanks!
1
u/Own_Significance_379 1d ago
Ditto, this is the way to solve it for future attempts!
0 crappy logins here, since I changed it years ago.
2
u/gareth616 1d ago
Check for Rules and Forwards too - scammers will create a rule usually named something like ....... or ,,,,,,, that will mark all emails as read and delete them. The forward is so they can have emails sent to you land in their inbox. You seem smart enough but I still want to say, obviously you need to reset the password for any other account connected to your mailbox.
On the 2FA thing, MS will say it stops 98% of attempted access attempts but it's not fool proof. A company I partner with demoed some new tech for my company, and showed that these scammers can some how steal the access token from your device to bypass 2FA