Share via

Security info was deleted

Charles Xavier 5 Reputation points
2026-03-20T01:08:22.83+00:00

I recently received a notification on my Gmail Account that my Microsoft Account's security info was deleted. Specifically, my passkey was recently deleted.

User's image

They then gave me 2 options. If it was me, then I can safely ignore the email. If it wasn't me, a malicious user may have accessed my account. As such, I may need to review my recent activity.

This definitely wasn't me. I did not change any details about my Microsoft account recently. I did NOT delete my passkey.

When I attempted to review my recent activity by pressing the "Review recent activity" button, it redirected me to a log-in page. I inputted my Microsoft email; however, I was unable to successfully log in to my account. It says that I NEED a code sent to my supposed "Recovery Email Address", which apparently was ol***@**thingg.xyz now.

This is NOT my recovery email address. In fact, I am unfamiliar with this email address. I have not seen this email before. As such, I was UNABLE to receive the code and way unable to open my account.

I suspect someone must have accessed my Microsoft account through my email address. Earlier today, I joined a Discord Server, which required me to input my email. I was skeptical at first as to why this was needed but one of the staff assured me that it was for registration purposes, so I simply complied. I believe these people might have been the cause of this.

I am unable to access my XBox Account and purchased games as well

My question is, how am I supposed to recover my account if I can't even log in in the first place? I really need help regarding this. I don't know what to do anymore.  What should I do?

Microsoft Security | Microsoft Identity Manager

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-03-20T01:08:53.43+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The account is almost certainly compromised and the recovery email and security info have been changed by an attacker. Because of that, normal sign-in and verification will not work and the account must be recovered through Microsoft’s official processes.

    Follow these steps in order:

    1. Check for unusual sign-in and account activity (if still possible)
      If sign-in is still possible on any device or browser session where the account is already logged in, immediately go to the Security basics page and open Review activity to check the Recent activity page.
      • For any activity that is not recognized, in Unusual activity select This wasn’t me, or in Recent activity select Secure your account.
      • Then, from Security basics, select Change password and set a strong new password.
      If sign-in is no longer possible anywhere, continue with the next steps.
    2. Use the hacked/compromised account recovery flow
      Because the security info and recovery email were changed, treat this as a hacked account and follow the official guidance in How to recover a hacked or compromised Microsoft account:
      • First, ensure the PC or device is clean (run a full antivirus scan such as Windows Defender).
      • Then attempt to reset the password.
      • If sign-in becomes possible again, immediately change your password and review connected accounts, forwarding, and automatic replies to remove anything the attacker configured.
    3. If you cannot receive any verification codes
      When the attacker has replaced all security info and the password is not known or no longer works, use the Microsoft account recovery form as described in Troubleshoot Microsoft verification code issues:
      • Go through the steps under If you don't know your password and submit the recovery request via the account recovery form after reading Help with the Microsoft account recovery form.
      • Provide as much accurate information as possible (old passwords, devices, services used, etc.).
      • If the form is accepted and security info is replaced, be aware that the account may be restricted for up to 30 days before full access is restored.
    4. If recovery ultimately fails
      If the recovery form is repeatedly rejected and the security info has been fully replaced by the attacker, there is no other supported method to regain access to that Microsoft account. In that case, follow the guidance from support articles and Q&A answers:
      • Use the hacked-account article for any remaining steps to protect other services and devices.
      • For services tied to the account (for example, Minecraft or Xbox), contact the specific product’s support to see whether they can help with licenses or entitlements once a new Microsoft account is created.
    5. Protect other accounts and devices
      • Change passwords on the email account used as the Microsoft sign-in and on any other accounts where the same password was used.
      • Enable two-step verification / multi-factor authentication on important accounts.
      • Avoid entering account credentials on untrusted sites or forms (such as third-party “registration” forms on Discord servers) in the future.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.