Hi everyone, I'm looking for some advice regarding a tricky situation. My sister's Microsoft account got hacked after she fell for a scam on Discord, and it's been really frustrating dealing with support and figuring things out. Her laptop has been on almost 24/7 because we're worried that if we restart it, she might lose access to her account or run into issues since it's still logged in.
For context, we've changed her password, added a new Gmail account for security, and cleared the old security info, all of which we've confirmed through the authentication app on her phone. She typically logs in with a PIN, but I'm unsure if she's using a local account or a Microsoft account, and I don't really know how Windows 11 works since I'm still using Windows 10. Plus, I've seen that we could switch to a local account, but I'm confused about whether that would keep her existing files and settings intact or start her off fresh. Any insights would be greatly appreciated!
1 Answer
Since she’s logging in with a PIN, she’s using her Microsoft account, which is riskier than a local account. If the hackers have access to that account, after a restart, they could easily change the PIN or even unlink her from the laptop completely, leaving her potentially locked out.
I’d recommend creating a local Administrator account as a backup before making any changes. You can do this from the Management Console and ensure the password is solid. This way, if something goes wrong, she’ll still have access to her files. As for OneDrive, if it’s configured to sync, they might have access to her saved files, so make sure to check that too! By the way, how did those hackers manage to override her 2FA? That seems pretty wild!
Thanks for the detailed response! I'll walk her through these steps when she wakes up. About the 2FA, I'm really not sure how they bypassed it either. She ran this shady executable she downloaded under the pretense of playing a game, and that seems to be how everything went south. The hackers now have her Microsoft, Discord, and Steam info... pretty scary stuff. I guess running it locally somehow got them in? Appreciate your help!
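The two checks discussed in this thread (is the sign-in profile local or tied to a Microsoft account, and creating a backup local administrator) can be done from an elevated PowerShell window. This is an added example, not part of the original posts; the account name `BackupAdmin` is a hypothetical placeholder, and it assumes the built-in `Microsoft.PowerShell.LocalAccounts` cmdlets that ship with Windows 10 and 11.

```powershell
#Requires -RunAsAdministrator
# Added example: run on the affected laptop from an elevated PowerShell window.

# 1. Show how each enabled account on this machine is backed.
#    PrincipalSource is 'Local' for a local account and 'MicrosoftAccount'
#    for a profile linked to a Microsoft account.
Get-LocalUser | Where-Object Enabled |
    Select-Object Name, PrincipalSource, LastLogon |
    Format-Table -AutoSize

# $env:USERNAME is the user this window runs as; if UAC asked for a different
# admin's credentials, read the table above instead.
$current = Get-LocalUser -Name $env:USERNAME
Write-Host "Profile '$($current.Name)' is backed by: $($current.PrincipalSource)"

# 2. Create the backup local administrator if it does not exist yet.
$backupName = 'BackupAdmin'   # hypothetical name, pick your own (max 20 chars)
if (Get-LocalUser -Name $backupName -ErrorAction SilentlyContinue) {
    Write-Host "'$backupName' already exists; leaving it unchanged."
} else {
    # Prompt for the password so it never appears in the script or history.
    $password = Read-Host -AsSecureString -Prompt "New password for $backupName"
    New-LocalUser -Name $backupName -Password $password `
        -Description 'Offline recovery account' | Out-Null
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group;
    # using the SID avoids problems on non-English Windows installs.
    Add-LocalGroupMember -SID 'S-1-5-32-544' -Member $backupName
}

# 3. Confirm the account really is an administrator before relying on it.
$isAdmin = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.Name -like "*\$backupName" }
if ($isAdmin) {
    Write-Host "'$backupName' is a local administrator."
} else {
    Write-Warning "'$backupName' is NOT in the Administrators group."
}
```

Creating the extra account does not modify the existing profile, so her files and settings stay where they are.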