Forum Discussion
Greg Bristow
Nov 13, 2018Copper Contributor
Risky event Logging discrepancies
I had an external attacker using a rotating proxy to attempt to logon to multiple accounts. The attacker would have between 60-100 logon attempts to each account. No more than one or two events from ...
Marcelo Orlandi
Nov 14, 2018Copper Contributor
That it is interesting as I had a customer which logs indicates a login from overseas to an account it never existed! when we opened the ticket at Microsoft to find out how it was possible to have a successful login from overseas to an account it does not exist in the tenancy they started to scratch their head.
BTW we still have the ticket opened and they are trying to figure out what was going on .
Greg Bristow
Nov 14, 2018Copper Contributor
Now that is a worry, as somewhere there is a piece of logic that allowed that to happen. It if allowed it to happen once it could very well let it happen a lot more often. Something to think about. was there anything else specific about this that you can share so that we can see if we have had similar events.
- Marcelo OrlandiNov 14, 2018Copper ContributorNo much information, unfortunately. The customer told us that the mailbox never existed at all, and even that there was a clear login into their logs from overseas. No other activities, such as account creation, deletion, etc., only a successful login. Not sure if logs may have mixed between tenancies or what. Microsoft is still trying to figure out what happened.