Like the title says, I’ve got yesterday an email with a code to access my Microsoft account and that made me suspicious because I wasn’t trying to login to my account.
When I looked at the login attempts I saw that someone else was trying to access my account, I changed my password, activated TFA.
Thinking of going through and buying a physical key like yubico to further secure my account.
Any tips are appreciated.
Same here, I have been in the same situation for years. Looks like if you email appears in a data breach every hacker in the world tries to get access to your email. Just never reuse your email password and set 2FA. That's more than enough to prevent unauthorized access and don't lose sleep over it.
I got a notification from my original Xbox account from 2008 saying someone had managed to crack the password and needed the 2fa code.
I went to check on sign in activity and holy shit I knew that email account had been leaked long ago but I was not prepared for dozens to hundreds of sign-in attempts EVERY SINGLE DAY, from all over the world (at least I assume places that are popular VPN outlets)
That account doesn't have a single thing on it. No games, no cards, it was never even connected to the internet except the rare occasion when I was at a friend's house. And I don't re-use passwords except on throwaway accounts. So they would have been quite disappointed by it.
But just to be sure I changed the password again on all my big accounts or accounts with cards attached just in case.