Forum Discussion
How long must I stay alert? Is it forever?
My computer got trojan in late April, and I luckily manage to recover every single account that got compromised. I also have already nuked my PC and reinstalled windows, and I'd say all is good now. I have changed my passwords everywhere, added 2FA wherever I could, and everything has been quiet every since. And yet, just an hour ago I received a gmail notification of someone trying to log into my Microsoft account (the only one which I forgot to turn 2FA on) despite me already changing its password. It's already been almost a month since my PC got that trojan, so I really was caught off guard. They failed (hopefully) and I changed it's password again just to be safe and added 2FA.
I am just wondering how long usually do people will still attempt to access my accounts? I mean, I don't mind changing passwords every time in a while of course, but I just want to be more prepared and stop panicking whenever I see notifications like that. (Sorry if it's confusing, English is not my first language and I'm not well-versed in this topic)
4 Replies
Your experience highlights how persistent threats can be—even after a clean install and multiple security measures. The attacker may still be scanning for vulnerabilities, so continuous vigilance is crucial.
The trojan did capture your old Microsoft password back in April. Even though you changed it, automated botnets often cycle through stolen credentials for weeks or months. The attacker just now got around to trying your credentials in a fresh batch.
Being caught off guard is completely understandable here. You did almost everything right—nuked the PC, changed passwords, added 2FA everywhere you remembered. Getting a login attempt notification a full month later would shake anyone's confidence.
Once attackers identify an account or system of interest, they often try repeatedly over weeks or even months, especially if they haven't been fully blocked or if they believe there's still a chance to access it.
