Microsoft Authenticator - Constant Login Approval Requests

Thursday at 04:04

So for the last few days, and excuse me if I'm not posting in the correct place... anyway, for the last few days I have been getting constant login approval requests from Microsoft Authenticator. I thought maybe someone was trying to get in so I changed my password and backup info... it did stop for a bit after, but now, it's back. I've had maybe 10 today alone. I check the history and there is nothing there.... under my recent activity it just lists my login to view the page, and my last login attempt which I signed into Outlook on my phone on June 18. What is going on? It's asking me to 'type in the code' that's displayed on my screen. I'm not doing it! Anyone else? Anything I should dig deeper into?

Thursday at 07:27

Hello,

What sort of Microsoft Authenticator account login approval requests are you getting? It is a generic authentication app and can be used with all sorts of services (Microsoft Account, Google Account, websites and services that support multi-factor authentication, etc.).

Regards,

Aryeh Goretsky

Thursday at 14:31

On 25/06/2026 at 03:27, goretsky said:

Hello,

What sort of Microsoft Authenticator account login approval requests are you getting? It is a generic authentication app and can be used with all sorts of services (Microsoft Account, Google Account, websites and services that support multi-factor authentication, etc.).

Regards,

Aryeh Goretsky

It's requesting a login code as if I was signing into my account on my Windows machine.

Thursday at 14:40

If you look at the account logs more than likely it will be showing that the request is coming from Valley Nebraska. we have been seeing thousands of these the last day or so.

Thursday at 15:27

On 25/06/2026 at 00:04, jbarcus81 said:

So for the last few days, and excuse me if I'm not posting in the correct place... anyway, for the last few days I have been getting constant login approval requests from Microsoft Authenticator. I thought maybe someone was trying to get in so I changed my password and backup info... it did stop for a bit after, but now, it's back. I've had maybe 10 today alone. I check the history and there is nothing there.... under my recent activity it just lists my login to view the page, and my last login attempt which I signed into Outlook on my phone on June 18. What is going on? It's asking me to 'type in the code' that's displayed on my screen. I'm not doing it! Anyone else? Anything I should dig deeper into?

Do not enter the code under any circumstances, or you will be sorry. It's definitely and most likely a hacking attempt. That happened to me a couple of years ago, and I kept receiving those prompts for months.

It's simply the attacker trying to get you tired of the constant requests, so you just give up and enter the code, so they can log in to your account.

Thursday at 21:02

Sounds like someone knows your email address and is repeatedly trying to log in, hoping you'll approve the MFA request (MFA fatigue). Definitely don't approve any prompts you didn't initiate. I'd also check that no unknown devices are signed into your account, sign out of all sessions, and consider changing your email.

2026-06-26T01:57:57Z

On 25/06/2026 at 17:02, The_Focal_Point said:

Sounds like someone knows your email address and is repeatedly trying to log in, hoping you'll approve the MFA request (MFA fatigue). Definitely don't approve any prompts you didn't initiate. I'd also check that no unknown devices are signed into your account, sign out of all sessions, and consider changing your email.

Yeah, I signed out of everything when I changed the password to my account. I keep checking device history and there's never anything new other than my own activity.

2026-06-26T02:02:26Z

On 25/06/2026 at 10:40, _neutrino said:

If you look at the account logs more than likely it will be showing that the request is coming from Valley Nebraska. we have been seeing thousands of these the last day or so.

I checked on the IPs associated with every login and they're all mine... And whenever I get a new prompt, there is no activity to show for it.

2026-06-26T08:11:09Z

Hello,

Were you using a product or service from one of the companies affected by the Klue data breach? See https://klue.com/blog/an-update-on-recent-klue-security-incident for the company's public statement. That blog post does not list affected customer.

From looking around at reports, I created this list:

Gong
HackerOne
Huntress
Insurity
Jamf
LastPass
OneTrust
Recorded Future
ReliaQuest
Salesforce
Snyk
Sprout Social
Tanium

It is likely there are other companies affected as well.

Regards,

Aryeh Goretsky

2026-06-26T12:14:46Z

@goretsky I will keep those in mind for the calls we get and update our technicians with the list, im sure the list will grow and I hope there is a larger public statement on this.

Here is the statement from Huntress
https://www.huntress.com/blog/klue-breach-investigation

Sign In

Microsoft Authenticator - Constant Login Approval Requests

Recommended Posts

jbarcus81

Link to comment

Share on other sites

goretsky Supervisor

Link to comment

Share on other sites

jbarcus81

Link to comment

Share on other sites

_neutrino Veteran

Link to comment

Share on other sites

+Elі Subscriber²

Link to comment

Share on other sites

The_Focal_Point

Link to comment

Share on other sites

jbarcus81

Link to comment

Share on other sites

jbarcus81

Link to comment

Share on other sites

goretsky Supervisor

Link to comment

Share on other sites

_neutrino Veteran

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Posts

Recent Achievements

Popular Contributors

Tell a friend