Occasional Visitor

Hello Team,


I am new to this community.  My issue is with Office 365 Family Plan.  This is NOT a business account.


My 20 year old email was hacked using IMAP when they brute forced my password.  I was not aware that this was going on because Microsoft did not send me any notifications of failed log in attempts via IMAP protocol.  Please see logs for the 18 showing that a successful synch was completed.  


I called office 365 support but they had NO clue what I was talking about.


I used every security measure like 2 form authentication, email recovery, etc....unique passwords...changing password every so often.... I NEVER GOT an alert that hackers were trying to break my password.  I have copies of logs showing hundreds of attempts to get my passwords cracked.  This happened for 4 months straight until they got in.  


The catch 22 is that hackers got in via simple IMAP.  They had my username and 4 months to break my password.  I saw the activity logs and realized how they got it.  


My frustration is why I CANT request to turn OFF IMAP on my account.  THIS MEANS that EVERY non-business account can be hacked via IMAP?  This is crazy....


No one at tech support is able to help me.


any idea as to why Office 365 Family plan is not protect for IMAP hack?





1 Reply

@cdtluna I can't believe nobody replied to you. This happens to me too. They managed to steal my crypto. Got me so confused for 2 days that I figured the leak was from OneNote where I kept my infos.

Below is my post in Microsoft community. Same as you, the support gave up to and there's no way they can escalate this. HOW ARE WE SUPPOSED TO GET HELP THEN? It took them a week to hack my new password again through IMAP.


Microsoft Support
Case #:1031117776
followed by
Case #:1031535377

In short, I have many attempts connecting IMAP to my account.
I am very secure, an IT guy, 2FA on, 3 antivirus.
Despite account activity showing UNSUCCESSFUL, they managed to steal my crypto details from OneNote.
I changed password and 1 week no attempt. Until the 17th of November they tried again from Sweden. I believe they succeed since the attempt stopped.

I only wish for them to stop accessing my account! Both of your support agents gave up since they cannot escalate this. Unbelievable for a scale like Microsoft.