Microsoft suffers authentication outage as Outlook, Hotmail and Skype users are locked out of accounts

Peter Gothard
clock
Many users are unable to log in to Microsoft services today
Image:

Many users are unable to log in to Microsoft services today

Comms grind to a standstill. Again.

Update:

Microsoft has supplied the following quote, which suggests the login issues are ongoing:

"We are aware of reports that some users are having difficulty signing in to some services. We are investigating this issue."

The quote is attributed only to "a Microsoft spokesperson".

Original story:

Microsoft seems to have suffered an outage with its authentication servers, leading to many users being locked out of services.

Services include Outlook mail and Skype, with Xbox Live also showing a "Limited" live state. Other Microsoft services could be affected too.

The issue takes the form of a standard Microsoft account login screen declaring correct passwords incorrect, or otherwise saying an account doesn't exist entirely.

Applications such as Google's Gmail app will - in Computing's experience - launch a browser to attempt to resolve an "incorrect" password, then simply close the browser again after a password is entered, but continue to flag up an incorrect password within the app.

Users have taken to Twitter and Reddit to voice their own concerns and experiences, with DownDetector showing an increasingly unusual number of reports around the Office 365 ecosystem from around midday UK time rising to a peak around 2pm.

Repeated testing of our own Microsoft accounts just after 2pm seems to show services now restored. Computing has contacted Microsoft for comment, and is waiting for a statement by "appropriate contacts" at the company.

Microsoft's official Twitter feed has been responding to users with the following statement in the meantime:

"Sorry for the inconvenience. We know about the issue and are currently working on the resolution. Request you try and login again after a few hours."

It can be surmised that the account access issues are somehow tied up with Microsoft Azure, which controls the access servers for Microsoft online functions and was found to be at fault during a series of outages in late 2015.

Back then, email security firm Mimecast's cyber resiliency expert David Hood said:

"Growing dependence on pure Microsoft cloud ecosystems could see events such as today's Azure outage have a dramatic impact on business productivity.

"The question to ask ourselves in a cloud-first world is what is our cyber resilience strategy for when Azure, Office 365 or another critical cloud service goes offline?
Even in the world of the cloud, organisations need a continuity plan to keep operating when their primary provider becomes unavailable."

It's a question that still, apparently, demands an answer.

More on Threats and Risks

CISA issues warning on active exploitation of the PwnKit vulnerability

CISA issues warning on active exploitation of PwnKit Linux vulnerability

All US federal agencies that fall under the Federal Civilian Executive Branch are required to secure their systems against the bug by July 18

clock 30 June 2022 • 2 min read
The exploit means anyone can potentially locate secret military bases by uploading fake running data - underscoring the importance of IoT protection and security

Strava fitness app used to spy on Israeli military officials

The flaw has also exposed the locations of a number of sensitive sites in the country.

clock 21 June 2022 • 3 min read
Hertzbleed vulnerabiity in AMD and Intel CPUs could leak cryptographic keys

Hertzbleed vulnerabiity in AMD and Intel CPUs could leak cryptographic keys

Intel says an attack probably wouldn't work outside a lab environment

John Leonard
clock 16 June 2022 • 2 min read