Microsoft Authenticator - Constant Login Approval Requests

By jbarcus81
in Microsoft (Windows)

 Share

Recommended Posts

Veteran

jbarcus81

Posted
Posted

So for the last few days, and excuse me if I'm not posting in the correct place... anyway, for the last few days I have been getting constant login approval requests from Microsoft Authenticator. I thought maybe someone was trying to get in so I changed my password and backup info... it did stop for a bit after, but now, it's back. I've had maybe 10 today alone. I check the history and there is nothing there.... under my recent activity it just lists my login to view the page, and my last login attempt which I signed into Outlook on my phone on June 18. What is going on? It's asking me to 'type in the code' that's displayed on my screen. I'm not doing it! Anyone else? Anything I should dig deeper into?

Grand Master

goretsky Supervisor

Posted
  • Supervisor
Posted

Hello,

What sort of Microsoft Authenticator account login approval requests are you getting?  It is a generic authentication app and can be used with all sorts of services (Microsoft Account, Google Account, websites and services that support multi-factor authentication, etc.).

Regards,

Aryeh Goretsky

Veteran

jbarcus81

Posted
  • Author
Posted
On 25/06/2026 at 03:27, goretsky said:

Hello,

What sort of Microsoft Authenticator account login approval requests are you getting?  It is a generic authentication app and can be used with all sorts of services (Microsoft Account, Google Account, websites and services that support multi-factor authentication, etc.).

Regards,

Aryeh Goretsky

It's requesting a login code as if I was signing into my account on my Windows machine. 

Grand Master

_neutrino Veteran

Posted
  • Veteran
Posted

If you look at the account logs more than likely it will be showing that the request is coming from Valley Nebraska. we have been seeing thousands of these the last day or so.

Grand Master

+Elі Subscriber²

Posted
  • Subscriber²
Posted
On 25/06/2026 at 00:04, jbarcus81 said:

So for the last few days, and excuse me if I'm not posting in the correct place... anyway, for the last few days I have been getting constant login approval requests from Microsoft Authenticator. I thought maybe someone was trying to get in so I changed my password and backup info... it did stop for a bit after, but now, it's back. I've had maybe 10 today alone. I check the history and there is nothing there.... under my recent activity it just lists my login to view the page, and my last login attempt which I signed into Outlook on my phone on June 18. What is going on? It's asking me to 'type in the code' that's displayed on my screen. I'm not doing it! Anyone else? Anything I should dig deeper into?

Do not enter the code under any circumstances, or you will be sorry. It's definitely and most likely a hacking attempt.  That happened to me a couple of years ago, and I kept receiving those prompts for months.

It's simply the attacker trying to get you tired of the constant requests, so you just give up and enter the code, so they can log in to your account. 

Neowinian

The_Focal_Point

Posted
Posted

Sounds like someone knows your email address and is repeatedly trying to log in, hoping you'll approve the MFA request (MFA fatigue). Definitely don't approve any prompts you didn't initiate. I'd also check that no unknown devices are signed into your account, sign out of all sessions, and consider changing your email.

Veteran

jbarcus81

Posted
  • Author
Posted
On 25/06/2026 at 17:02, The_Focal_Point said:

Sounds like someone knows your email address and is repeatedly trying to log in, hoping you'll approve the MFA request (MFA fatigue). Definitely don't approve any prompts you didn't initiate. I'd also check that no unknown devices are signed into your account, sign out of all sessions, and consider changing your email.

Yeah, I signed out of everything when I changed the password to my account. I keep checking device history and there's never anything new other than my own activity. 

Veteran

jbarcus81

Posted
  • Author
Posted
On 25/06/2026 at 10:40, _neutrino said:

If you look at the account logs more than likely it will be showing that the request is coming from Valley Nebraska. we have been seeing thousands of these the last day or so.

I checked on the IPs associated with every login and they're all mine... And whenever I get a new prompt, there is no activity to show for it. 

Grand Master

goretsky Supervisor

Posted
  • Supervisor
Posted

Hello,

Were you using a product or service from one of the companies affected by the Klue data breach?  See https://klue.com/blog/an-update-on-recent-klue-security-incident for the company's public statement.  That blog post does not list affected customer.

From looking around at reports, I created this list:

  • Gong
  • HackerOne
  • Huntress
  • Insurity
  • Jamf
  • LastPass
  • OneTrust
  • Recorded Future
  • ReliaQuest
  • Salesforce
  • Snyk
  • Sprout Social
  • Tanium

It is likely there are other companies affected as well.

Regards,

Aryeh Goretsky
 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.