Share via

Outlook Hijacked! Microsoft Account Compromised – Primary Alias Changed, Recovery & 2FA Removed Without Notifications

Wael Shannak 0 Reputation points
2026-02-05T00:00:25.16+00:00

Hello,

I am seeking urgent help regarding my Microsoft account that appears to have been compromised.

My account has had its primary alias changed. When I attempt to sign in using my original email, I receive the message:

“We don’t recognize this account.”

Here is what makes this situation extremely confusing:

I had multiple 2FA methods enabled:

SMS verification

  Microsoft Authenticator app
  
     Security key
     
     I had a **recovery email** configured.
     
     I did **not receive any login notifications**, approval prompts, SMS codes, or security alerts.
     
     I did not approve any security changes.
     
     There were no unusual authenticator prompts.

Despite this, the attacker was somehow able to:

Remove my phone number

Remove my recovery email

Remove my authenticator methods

Change the primary alias

Lock me out of the account

However, I still have:

Access to my Microsoft Authenticator app (the account entry still appears)

Access to my Minecraft account, which I redeemed using a physical code

Access to Steam, which is linked to my Xbox account (I purchased Sea of Thieves on Steam and it connects to my Microsoft/Xbox account)

This suggests that the underlying Microsoft identity still exists, but the sign-in alias has been changed or removed.

I have attempted the automated account recovery form multiple times, but it has been rejected, stating the information provided was insufficient.

I am trying to understand:

How security methods could be removed without any notification or MFA prompt.

Whether my account can be recovered given that I still have authenticator presence and active linked services (Minecraft and Xbox/Steam).

Whether there is a way to verify ownership using:

Historical passwords

  Device/IP history
  
     Minecraft redemption details
     
        Linked Xbox/Steam purchase history

This account is tied to important services, and I am trying to escalate beyond the automated recovery system.

If any Microsoft representative or experienced user can advise on the proper escalation path, I would greatly appreciate it.

Thank you.Hello,

I am seeking urgent help regarding my Microsoft account that appears to have been compromised.

My account (previously under the domain legenmail.com) has had its primary alias changed. When I attempt to sign in using my original email, I receive the message:

“We don’t recognize this account.”

Here is what makes this situation extremely confusing:

I had multiple 2FA methods enabled:

SMS verification

  Microsoft Authenticator app
  
     Security key
     
     I had a **recovery email** configured.
     
     I did **not receive any login notifications**, approval prompts, SMS codes, or security alerts.
     
     I did not approve any security changes.
     
     There were no unusual authenticator prompts.

Despite this, the attacker was somehow able to:

Remove my phone number

Remove my recovery email

Remove my authenticator methods

Change the primary alias

Lock me out of the account

However, I still have:

Access to my Microsoft Authenticator app (the account entry still appears)

Access to my Minecraft account, which I redeemed using a physical code

Access to Steam, which is linked to my Xbox account (I purchased Sea of Thieves on Steam and it connects to my Microsoft/Xbox account)

This suggests that the underlying Microsoft identity still exists, but the sign-in alias has been changed or removed.

I have attempted the automated account recovery form multiple times, but it has been rejected, stating the information provided was insufficient.

I am trying to understand:

How security methods could be removed without any notification or MFA prompt.

Whether my account can be recovered given that I still have authenticator presence and active linked services (Minecraft and Xbox/Steam).

  1. Whether there is a way to verify ownership using:

Historical passwords

Device/IP history

Minecraft redemption details

  • Linked Xbox/Steam purchase history
  • I had my phone number auth!

This account is tied to important services, and I am trying to escalate beyond the automated recovery system.

If any Microsoft representative or experienced user can advise on the proper escalation path, I would greatly appreciate it.

Thank you.

Outlook | Web | Outlook.com | Email
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-02-05T00:00:43.2566667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    It sounds like your Microsoft account has been compromised, and you're facing a challenging situation with the loss of access and security methods. Here are some steps and considerations based on your description:

    1. Understanding Security Method Removal: It is concerning that your security methods were removed without notifications. This can happen if an attacker has gained access to your account and has the ability to change security settings. It's crucial to ensure that your devices are secure and free from malware.
    2. Account Recovery: Since you still have access to the Microsoft Authenticator app, you may want to try using it to recover your account. If the app still shows your account, it might allow you to regain access. However, if the primary alias has been changed, you may need to rely on the recovery form. Be persistent in providing as much detail as possible, including any historical passwords, device/IP history, and linked services.
    3. Verification of Ownership: While the automated recovery process can be strict, providing detailed information about your account's history can help. Mentioning your Minecraft redemption details and linked Xbox/Steam purchase history may assist in verifying your identity during the recovery process.
    4. Escalation Path: If the automated recovery form continues to reject your attempts, consider reaching out to Microsoft Support directly through their support portal. Use the virtual agent to describe your issue, and if possible, request to chat with a support agent who can assist you further.
    5. Monitoring and Security: If you regain access, immediately change your password to a strong, unique one. Re-enable two-factor authentication (2FA) and review your account settings for any unauthorized changes. Monitor your account for any suspicious activity and inform your contacts about the potential compromise.

    It is crucial to act quickly to secure your account and mitigate any potential damage.

    References:

    0 comments
  2. Wael Shannak 0 Reputation points
    2026-02-05T00:04:18.12+00:00

    Also I want to mention same thing!!! I send 1 email every week I don't remember 5 emails!!! I sent during 3 month period, I mainly use my account for auth sessions, so I don't communicate on it unless it is a job or something..

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.