Client locked out of MSN account in an interesting way.

[thecomputerguy]

MSN, yes I know ... she's an older legacy residential client. Anyways, she contacted me because she was having some difficulty getting her email working on her computer, New Outlook, and her phone.

Turned out the reason why she was having difficulty was because her account was compromised. It looks like they gained access to her MSN account.

This probably happened when she was on Amsterdam websites since she will be travelling there, and then used that to sign into edge and installed a cookie exporter extension and exported all of her cookies and session data. They then used that compromise her Amazon, Instagram, and Facebook.

My attempts to re-secure the account were difficult because every time I deleted their rules, they kept popping up and I wasn't sure how. I was eventually able to get the account secured but the bad party still spammed her email account with failed login attempts locking her MSN account.

Now ... it's like permanently locked. When I try to login at msn.com or microsoftstore.com or outlook.com - it's been locked without being able to reset since Friday and now she's getting nervous.

I get this:



When I try to reset the password using either SMS or Email verification (My email is her backup) I get this after I enter my email in and click get code



Edit:

I tried fixing this in incognito and edge inprivate ... it's not a cache issue on my end.

I also tried resetting her account from a remote station I have access to.

 

[callthatgirl]

This is why I stopped helping personal MS account holders with password issues, it's a give up. I have lost a lot of billable time because we as techs, can't fix it unfortunately.

Nothing wrong with helping people on these accounts, so no need to say what you did in the beginning. These are impossible for us to help with.

 

[thecomputerguy]

Heres a new one:



I clicked the link and filed an appeal for her

 

[Porthos]

and then used that to sign into edge and installed a cookie exporter extension and exported all of her cookies and session data.

Hope you got that cleaned as well.

 

[thecomputerguy]

Wow ... MS actually unbanned the account

 

[frase]

Had this many times before, it seems that the account has been compromised and the address has been used in a scam.

 

[britechguy]

MS actually unbanned the account

I've helped two people, I think (the count is definitely 5 or fewer) with this over the years. They were unbanned, too, after being able to identify things like past passwords for the account and other idiosyncratic things that most hackers just don't care enough to even try to know. Even identity theft is a "smash and grab" affair that does not last forever on the thief's end. For the victim, though, the aftermath is much, much longer.

 

[thecomputerguy]

I just locked her account up with every MFA option they offer including storing the recovery key. I can still see foreign attempts to login but they are all unsuccessful. Hopefully mass failures doesn't cause it to get locked up again.