Microsoft account compromised and someone did automatic sync and wondering if emails downloaded?

  • I have a Microsoft account and today I got a Security alert saying "We think that someone else might have accessed your account" and had to change my password. When I checked my account activity it said there was an automatic sync in Algeria and Mexico and China yesterday. Does this mean it is likely people have downloaded copies of all my emails? I am worried that every single one of my emails has been downloaded.

    This is what I see in my account activity in my Microsoft account:

    Yesterday 8:31 PM
    Automatic Sync
    Mexico
    Protocol: IMAP
    IP: 189.219.94.26
    Account alias:
    Time: Yesterday 8:31 PM
    Approximate location: Mexico
    Type: Successful sync
    You've secured your account since this activity occurred.
    Learn about more ways you can protect your account.
    

    I asked this question in the Microsoft forum but haven't had any replies.

    Welcome, can you add the source of the email?

    Same here, today. "Automatic sync" via SMTP from Brazil on Nov 1; "Successful sign-in" from Mexico 3 hours ago; legit email (from MS servers and to two of my backup email addresses) and SMS from Microsoft 1 hour ago. Interestingly, I used quite a strong password that I don't use for anything else, as well as two-factor authentication. I use this account only for Skype and MS-related purposes (no incoming email) - still, it makes you wonder. It seems that the last login from Mexico used my Skype name, but that does not explain the SMTP sync from Brazil. What have you learnt about your incident?

    This occurred to my account and it ended up being a vulnerability with Skype. I found this article to be helpful. http://www.theverge.com/2016/11/8/13561024/microsoft-skype-baidu-linkedin-hack

  • From what I can see, yes, your emails have been compromised. If you look at the log you notice that it has synchronised IMAP - this suggests that the client has downloaded your email settings, folders and all of the emails contained in those folders.

    If you didn't know already, IMAP is a popular protocol for incoming emails.

    Although we cannot be 100% sure of what was downloaded unless MS hands over the transfer logs (they won't), always assume the bad guys did their worst after security was compromised. They are not criminally dumb criminals, after all.

    @Mindwin Yes this is true, hence why I said it suggests they downloaded everything - because why wouldn't they?
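For triaging a longer activity list than the single entry quoted in the question, the check described in the answer (a successful sync over a mail protocol from a place you have never been) can be scripted. This is an added example, not part of the original posts; it assumes entries are pasted as text separated by blank lines, and the expected country, the two extra entries and the "Unsuccessful sync" wording are constructed for illustration.

```python
import re

MAIL_PROTOCOLS = {"IMAP", "POP3", "SMTP"}  # protocols that read or send mail directly

# First entry is abridged from the question; the other two are constructed
# (documentation-range IPs, assumed "Unsuccessful sync" wording).
SAMPLE = """\
Automatic Sync
Protocol: IMAP
IP: 189.219.94.26
Approximate location: Mexico
Type: Successful sync

Automatic Sync
Protocol: IMAP
IP: 192.0.2.10
Approximate location: United Kingdom
Type: Successful sync

Automatic Sync
Protocol: IMAP
IP: 198.51.100.23
Approximate location: China
Type: Unsuccessful sync
"""

def parse_entries(text):
    """Split on blank lines; first line is the event name, the rest 'Key: value'."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        entry = {"event": lines[0]}
        for ln in lines[1:]:
            key, sep, value = ln.partition(":")
            if sep:  # ignore lines that are not 'Key: value'
                entry[key.strip().lower()] = value.strip()
        entries.append(entry)
    return entries

def suspicious_syncs(entries, expected_countries):
    """Successful mail-protocol syncs from outside the countries the owner expects."""
    expected = {c.lower() for c in expected_countries}
    return [e for e in entries
            if e.get("type", "").lower().startswith("successful")
            and e.get("protocol", "").upper() in MAIL_PROTOCOLS
            and e.get("approximate location", "").lower() not in expected]
```

A hit only shows that a mail client authenticated and synced; as the answer says, the activity page does not reveal which messages were transferred.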

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM
