So here’s a strange one. I thought I’d post here to get some opinions besides my own on this. I’ll try to be concise as possible, if anyone wants more info feel free to ask.
I was notified yesterday by Microsoft of unusual activity on my account. The notification came up as soon as I used the default Mail.app on MacOS. The activity shows an IP address that goes back to the UK Ministry of Defence.
For the last week I’ve been out of town (went to Florida) and this is the first time I launched the mail app on the mac in 8 days. I accessed my Microsoft account while I was gone both on an iPad and iPhone mainly via Verizon Wireless. I can’t recall if I did use public wife and/or if I accessed mail or not, I don’t think I did but am leaving it open as a possibility. I think the trip may just be a red herring in this story because I find it strange that the notification came up the moment I used the mail app on my desktop.
Since the notification I enabled 2 factor authentication (yes I wasn’t using it) and changed my password. There was a second time the account was accessed after this (4:24pm) and then it hasn’t been access since.
I did some searching and you will find others with a similar story to my own, mostly from a couple years ago. I also turned up this Register article from 2015 that says the UK Ministry of Defence sold some of their IP4 addresses and they names were not updated. Is it possible 4 years later that they are still incorrect?
Few other items
1) All the activity seems to be grouped under “Automatic Sync” for IMAP.
2) I am located in the US and have never traveled to the UK.
3) I don’t run any non-standard mail clients, although I had briefly tested some out (AirMail for iOS comes to mind).
4) I don’t have my account checked from any other service.
5) I don’t work in an industry that requires any background check, etc.
My current best guess is that my password for the account somehow got out there and that I spammer is impersonating me.