Microsoft account security breach and home PC

Pirozkhi · 05 Oct 2019

Hi.

Recently my gmail account was hacked (no 2FA enabled, big mistake). This gmail account was also used to create my Microsoft Account. I still have access to my Microsoft account,but I cannot change the password or completely delete it because it sends a confirmation e-mail to my lost gmail, and I got a one month lockdown (of accessing critical stuff) on my Microsoft account trying to change password withan alternative e-mail. Now at this point I have pretty much accepted the gmail being gone, and the Microsoft account as well.

My concern is what to do from this point on to cut the ties between my computer and the said Microsoft account. I'm worried that since I've been using my computer with this Microsoft account, could the hacker access anything important, such as stored passwords (for various websites and applications like Steam etc.) or saved files (things on desktop or other drives) if they manage to login to my Microsoft account from another machine. I have of course enabled 2FA on anything important after the incident, but I'm worried that continuing to use the same install of Windows might somehow keep updating the initial Microsoft account about what I'm doing on the computer, such as updating my passwords and saving them. I know I rather sound paranoid but that's exactly how I am right now.

What should I do? Do I need to format the PC and make a clean install with a completely different account? Or is there a reliable way of completely severing the connection between the Microsoft account and the current install of Windows?

Thanks.

Caledon Ken · 05 Oct 2019

Hi Pirozkhi. Welcome to the TenForums @Pirozkhi

First because you used your gmail name as your Microsoft name does not mean you account is breach. Each environment used its own validation process. So is it safe to assume that your password to your gmail account is different than your password to your microsoft account.

What do you mean you lost your gmail account. If you try to log on to it has the hacker change the password. Have you tried to regain control by verifying yourself through an alternate method. Like send a code to phone, send a recovery email.

You really need to gain control back over this account.

Ken

Pirozkhi · 05 Oct 2019

Yes, the gmail password is changed. It was not my main mail account, it was just created for Youtube thus there was no phone number defined to it, there are no means to claim it back. As I said, that unfortunately seems to be out of the question.

Yet probably because I had no other gmail account, I had entered that one during the Windows installation. And the password for Microsoft account is rather similiar, even if not the person could request a password change for it using the gmail.

Therefore what I'm asking is how I can cut the ties between the Microsoft account and the PC I own.

A different way of formulating the question might be, that what kind of data is stored and updated in a Microsoft account? Are passwords saved into a computer (browser passwords, application password etc) automatically filled in if a Microsoft account is logged in from a different PC, or are they stored locally?

Josey Wales · 05 Oct 2019

Reset

There are three options that allow you to reset your PC. If you’ve tried just about everything else and your PC still isn't running well, resetting it might fix the problem.

Option 1: Select Start > Settings > Update & Security > Recovery. Under Reset this PC, select Get started. Open Recovery settings.
Option 2: Restart your PC to get to the sign-in screen, then press and hold down the Shift key while you select the Power icon > Restart in the lower-right corner of the screen. After your computer restarts, select Troubleshoot > Reset this PC.
Option 3: Select Start , then press and hold down the Shift key while you select the Power icon > Restart to restart your computer into Recovery Mode. After your computer restarts, select Troubleshoot > Reset this PC.
Any of these three options will get you started, but once you're in the process, follow the steps as they are presented to you. If none of the preceding three options work, you can use installation media to resinstall Windows 10.

https://support.microsoft.com/en-us/...t-or-reinstall

You may want to try the above in the quote.

Caledon Ken · 05 Oct 2019

You can also just switch to a local account to break linkage to PC. That said, hard for us to say what is in MS account as we don't know how you used it. Were you using Onedrive with this account?

Pirozkhi · 05 Oct 2019

I don't think I used OneDrive. Never noticed it doing anything and didn't do any backup manually. Although the sync option was turned on in the "manage user accounts" setting accessed from the start menu. There was also a red warning stating passwords wouldn't be synced because the e-mail was not verfied. But to assume the worst case scenario, is it possible to store web or application (like Steam) passwords on a MS account? (you know, the remember me tick)

I also removed the PC from the devices on my Microsoft account, there are no devices listed there right now. I'm not sure if this does flush the OneDrive backups though, hopefully it does.

I have already switched to a local account, but the C\Users name and content remains the same. I'm not sure if I did everything right and (current) PC content is cut off from the MS account.

Caledon Ken · 05 Oct 2019

First if you switched to Local account the user directory would not change. No one is getting in there.

Now as to what you were syncing.

Were you storing passwords in Edge or just using the remember option. Remember me is a cookie on device, your computer. I'm very sure those cookies are not sync. Someone could tell me I'm wrong.

It does sync passwords, those you implicitly save in Edge. They would have to sync to this account.

Before we go much further, did you save passwords in Edge.

Pirozkhi · 05 Oct 2019

Nope, I was using Chrome. No passes on Edge.

There are other programs like Steam or various online games that save login info on the computer though, what about those? Don't think those are cookies since deleting saved passwords via clearing browse history does not log you out of any of such applications.

Caledon Ken · 06 Oct 2019

Can't comment on Games. If the game is an app it likely saves its own password within the app as a Mail client does. I guess it could be saving with Windows Credential manager. Open your credential manager and see if they are listed there.

If you weren't using Edge then you were using very little withing MS sync.

As a good practice when you've been hacked key sites should be changed.

I use a password manager and I log what recovery address is being used. A quick search and I know which account to update.

I also set up my accounts with multiple recovery methods so I can verify myself to system and quickly get things locked down.