Strange happenings with my MS account

TraderGary · Jun 5, 2023

glasskuter said:
I can't say whether it was or wasn't. I just know something is fishy. This is totally separate from the phishing emails. The email today said the file was changed today by this Leandro Nogueira person and sure enough, when I went to onedrive on the web, there was a valid file there by that name showing it had been altered this morning with his name by it. It was not a shared file and was useless to anyone but me. So the only way it could have been altered was for someone signed in as me to alter it. But if that be the case, why was this Leandro Nogueira person's name listed being the one who altered it. It makes no sense to me how this could have happened.I 've reported it to Onedrive support to see if there's an explanation.

Gary, you know I'm not a big onedrive user. I use the vault for a few important files and I have a list of passwords in there. I've dropped a few files into onedrive documents to use on the go. 3 or 4 times I've shared a file here on this forum. Other than that there's so little in my onedrive so I'm not too concerned about the files and I'm pretty confident the vault wasn't breached. I didn't get 2FA on my phone. What concerns me is the possibility that someone has access to my MS account. That email account is my user name for just about every other account I have. Every one of my finances and health related accounts. Of course now I've changed the password and am in the process of changing a bunch of other passwords for important accounts that have that email tied to them.
Oh well, I'll probably never know the how and why of it.

As you know, I'm a heavy OneDrive user and have been for many years. I keep all my data in my Local OneDrive folder and I have "Files On Demand" turned OFF. This gives me a 24/7 real-time mirror backup of all my data, including all my photos, in cloud OneDrive. Never, in all the years I've used OneDrive, have I ever had any evidence of anything like you're relating.

I have to ask this, when you went to OneDrive to check for the file that was changed by Leandro Nogueira, did you do so by your own OneDrive link or by a link in the email you received? Did you check that same OneDrive file using your System Two computer?

OneDrive requires an active Microsoft Account. In order to get to your cloud OneDrive, you must log in to an active Microsoft Account. If, in fact, someone has access to your OneDrive files, they have access to your Microsoft Account. You said that you immediately changed your Microsoft Account password. That should stop anyone that had the old MS Account password.

Unless someone has gained access to your computer itself without your knowledge!

If this were my situation, I would do a clean install of both of my computers. There is no other way to be certain that you are using a clean system, not even with a Macrium Restore.

bikemanI7 · Jun 5, 2023

Been using MS OneDrive since before it was called Onedrive back in the day (Skydrive) never experienced issues like the OP is experiencing though, but i do use 2 factor authentication, and so far so good. But will check over my security settings more and recent sign ins think as well just to feel safe i think

glasskuter · Jun 5, 2023

TraderGary said:
did you do so by your own OneDrive link or by a link in the email you received? Did you check that same OneDrive file using your System Two computer?

I did not use the link in the email. I manually typed in Onedrive.live.com and signed in. This is what I do on the rare occasion I drop a file into onedrive.
No, I didn't try System 2. It's rarely turned on as it's only a backup.
I checked for malware , adware, etc.
It's a crazy deal. I made the mistake of deleting the file in onedrive before I contacted MS to investigate. I shouldn't have done that. But I didn't delete the email which has a link back to this Leandro Nogueira dude. Maybe MS can still tell me what happened. I'm not too worried though I am taking precautions with all my sensitive account logins. Those passwords probably needed changing anyway. I just had never seen it happen before and was curious if anyone else had.

Sigh...sometime I just hate technology.

TraderGary · Jun 5, 2023

You can restore the OneDrive file you deleted! There is a cloud OneDrive Recycle Bin that keeps a copy of deleted OneDrive cloud files for 30 days.

glasskuter · Jun 5, 2023

Thanks, I'll do that.

TraderGary · Jun 5, 2023

I've wanted to ask you ever since I've been on the forum, where does the forum name "glasskuter" come from?

glasskuter · Jun 5, 2023

I was the first grandchild and the apple of my granddad's eye. He started calling me Kuter when I was a baby and it stuck. He couldn't read or write very well and every Christmas he would give me an envelope with money inside and my name printed on the face. That's the way he spelled it. I worshipped that man and was 38 when he died. He still called me that. By then I had begun working in stained glass. I thought it was appropriate for my business card. I sure wish I had kept one of those envelopes. Damn Gary. You've got me bawling. Thank you.

flashh4 · Jun 6, 2023

@glasskuter ..... this was in my Outlook mail this morning ! Is it the same as you mentioned ?

glasskuter · Jun 6, 2023

@flashh4 The Spam emails I was getting and which were directed to my junk folder were about my MS account being used in Russia. Your message is about Facebook being used elsewhere. The one message about my onedrive thing did not go to my junk folder and WAS from MS.

Whether that FB message of yours is legit from FB or not, I can't say. I always look at the source code of a questionable message (which is not easy but many times one can spot if the source is legit)
Since FB is so flaky and has almost no security, if I were you I would change my FB password just in case. Message me if you want me to take a look at its source, I'll be glad to see if I can spot anything. Tell me how you get your email (ie windows mail, MS Office Outlook, 365 Outlook, some other email app, or web based) and I can tell you how to access and copy the source code of the message.

TechnoMage2021 · Jun 6, 2023

Putting valuable and personal info in a cloud, is like scrolling it on a sign post in Times Square!
You probably have no idea where that cloud is, or what kind of person is administering it. I could be someone wanting to make a quick buck by selling information....YOURS!
No thank you! I'll keep my info right here, within arms reach, thank you.

It's really not paranoia, if you KNOW that they are out to get you! (quote: Some wise old sage)

flashh4 · Jun 6, 2023

@glasskuter , i have traced it with some Special programs i have from Malware Removal School ! I even had a chat with FB who say they are not sure why i am getting the email other than as usual someone is always trying to hack your account ! It's all good at least i know it's not Malware related ! Thanks for the reply back, Stay Safe out there !