There's something fishy going on with Microsoft Outlook

Outlook
(Image credit: Shutterstock)

Suspicious notification emails have recently been arriving in the inboxes of Microsoft Outlook users, but it turns out it’s all Microsoft’s fault. 

During this week, numerous Outlook users have taken to Microsoft’s support forums, as well as different publications, to report that they keep getting notified of “unusual sign-in activity” on their email accounts.

This is a security email, usually triggered when a person logs into an email address from a previously unknown location, device, or IP address. It’s standard practice to help people know if an unauthorized person managed to access their account, and most internet services nowadays offer this type of security.

Late to the party

Even though some people changed their email passwords as soon as they were notified, and even though others have two-factor authentication active on their accounts, it didn’t stop Microsoft from sending the warning emails, leading some to suspect that it’s, in fact, a configuration error on Microsoft’s side. One person even said “It's driving me nuts”, as they’d been getting emails after changing their password multiple times.

It did end up being a misconfiguration on Microsoft’s side, as the company sent a brief statement to The Register, a few days later, saying it was, "working to resolve a configuration issue causing some customers to receive these notifications in error."

As it took Microsoft quite some time to reach out with an explanation, people were rightfully worried. An IT specialist told the publication that it was possible for threat actors to be reusing old passwords from various disclosure lists. 

Others urged Microsoft to act quickly, and at least confirm that this wasn’t a breach, as people were getting itchy. 

"I would like to know why a Microsoft-owned IP is syncing to my Microsoft account, why it is flagged as "suspicious", and why was it able to successfully sync at least once before,” one user told The Register

  • Looking for a solid email client? We have a list just for you

Via: The Register

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.