Excerpt

• Changed password; very next webpage requested password change even though changed seconds before.

• When closing computer, reviewed Microsoft Excel document—first password had been copied and pasted into a cell.

• Had not accessed that document after changing password.

• Reviewed who accessed account—someone accessed multiple times using VPN.

• VPN address was closed Baltimore restaurant never visited.

• Another time: cell accessed account July 4 at 6:52 am while sleeping in bed.

• OneDrive indicated person answered security questions only person I formerly had a long-term relationship with knew.

• Authenticator had been de-linked from account on computer, yet could see account through phone's authenticator app.

Full Narrative

In summer 2024, I changed my Microsoft OneDrive password. The very next webpage requested I change my password even though I changed it only seconds before. When closing my computer I reviewed a Microsoft Excel document. The first password had been copied and pasted into a cell. I had not accessed that document after I changed the password. I reviewed who accessed the account. Someone accessed the account multiple times using a VPN. Its address was a closed Baltimore restaurant I never visited. Another time a cell accessed my account July 4 at 6:52 am. I was sleeping in bed. Not me. OneDrive indicated the person answered the account's security questions that only the person I formerly had a long-term relationship with knew. I also found that the authenticator had been de-linked from my account when I accessed it on my computer yet I could see that account through my phone's authenticator app. Every security layer I had was being systematically compromised.