Suspicious notification emails have recently been arriving in the inboxes of Microsoft Outlook users, but it turns out it’s all Microsoft’s fault.
During this week, numerous Outlook users have taken to Microsoft’s support forums, as well as different publications, to report that they keep getting notified of “unusual sign-in activity” on their email accounts.
This is a security email, usually triggered when a person logs into an email address from a previously unknown location, device, or IP address. It’s standard practice to help people know if an unauthorized person managed to access their account, and most internet services nowadays offer this type of security.
Late to the party
Even though some people changed their email passwords as soon as they were notified, and even though others have two-factor authentication active on their accounts, it didn’t stop Microsoft from sending the warning emails, leading some to suspect that it’s, in fact, a configuration error on Microsoft’s side. One person even said “It's driving me nuts”, as they’d been getting emails after changing their password multiple times.
It did end up being a misconfiguration on Microsoft’s side, as the company sent a brief statement to The Register, a few days later, saying it was, "working to resolve a configuration issue causing some customers to receive these notifications in error."
As it took Microsoft quite some time to reach out with an explanation, people were rightfully worried. An IT specialist told the publication that it was possible for threat actors to be reusing old passwords from various disclosure lists.
Others urged Microsoft to act quickly, and at least confirm that this wasn’t a breach, as people were getting itchy.
"I would like to know why a Microsoft-owned IP is syncing to my Microsoft account, why it is flagged as "suspicious", and why was it able to successfully sync at least once before,” one user told The Register.
- Looking for a solid email client? We have a list just for you
Via: The Register
