It’s just login attempt when you’re setup this way.
It happened to my account AFTER I changed the password.
I do not believe accounts are setup this why by default and Microsoft does encourage you to use better 2fa as well.
Requiring a token + password before authentication is attempted is common, the password being entered triggers the token but it doesn’t mean you’re in.
This is not Microsoft doing something wrong, it’s Microsoft protecting an account that ought to have been protected better.
OP needs to go in and configure actual 2factor
In the same way google will log the location and browser fingerprint and whatnot from attempted logins whether they’re successful or not.
Yup, that would indicate that likely a bot is trying to guess it’s way in.
You are still safe.
The only weird thing here is that Microsoft lets such things bother you instead of guessing that you didn’t teleport to Brazil and instead putting a little extra burden on the Brazil end before sending you an email.
If you’re still feeling worried, the biggest thing you can do is enable two-factor auth (which you should do anyway), or even better: enable something like passkeys which are very secure and also easier than username/password.
Two-factor/password manager is the “remember to brush and floss” of the security industry, so… Please do those things. :)
Considering most of the attempts are from India and Brazil I suspect a service you signed up for has sold your email to unsavory data brokers and now a bunch of scam companies are doing that MFA attack on you
You can create an email alias for your Microsoft account and then only enable login from that account. If you then do not use that email for anything but the login, you should be pretty safe from credential stuffing attacks.
I had a very similar issue with multiple failed login attempts and changing my login email stopped it right away.
Well, I found the recent activity and none of these were me. At least they all appear to say Unsuccessful sign-in.
deleted by creator
FWIW Microsoft does a blind token here meaning they send it if your password is correct or not.
In that way the person attempting to gain access has no context of if the password is correct or not
deleted by creator
It’s just login attempt when you’re setup this way.
It happened to my account AFTER I changed the password.
I do not believe accounts are setup this why by default and Microsoft does encourage you to use better 2fa as well.
Requiring a token + password before authentication is attempted is common, the password being entered triggers the token but it doesn’t mean you’re in.
This is not Microsoft doing something wrong, it’s Microsoft protecting an account that ought to have been protected better.
OP needs to go in and configure actual 2factor
In the same way google will log the location and browser fingerprint and whatnot from attempted logins whether they’re successful or not.
Yup, that would indicate that likely a bot is trying to guess it’s way in.
You are still safe.
The only weird thing here is that Microsoft lets such things bother you instead of guessing that you didn’t teleport to Brazil and instead putting a little extra burden on the Brazil end before sending you an email.
If you’re still feeling worried, the biggest thing you can do is enable two-factor auth (which you should do anyway), or even better: enable something like passkeys which are very secure and also easier than username/password.
Two-factor/password manager is the “remember to brush and floss” of the security industry, so… Please do those things. :)
Considering most of the attempts are from India and Brazil I suspect a service you signed up for has sold your email to unsavory data brokers and now a bunch of scam companies are doing that MFA attack on you
You can create an email alias for your Microsoft account and then only enable login from that account. If you then do not use that email for anything but the login, you should be pretty safe from credential stuffing attacks.
I had a very similar issue with multiple failed login attempts and changing my login email stopped it right away.