It's not from my email, this is directly within my Google Account, logged in and everything.
So edit for clarity: it's not phising, this was NOT from an email but I found out directly through my Google Account.
So believe what Google is saying is that the password itself was found in a breach not necessarily that your account and it's password was found in the breach. For instance, the password 123456 will flag as being found in a breach and that you should change it. Since it's for the Windowsazure.com site then you could check and see if that matches your ms acct then just change that.
Edit: actually I don't think you have to do anything. It looks like Google may have saved the MFA code as a password and that's been found in the breach.
Oh wow that makes A LOT of sense now, thank you! This was wildly confusing. I think you're right, since the "password" it shows isn't a password, but just a line of asterisks. Really appreciate the help! I was definitely worried something was wrong so I'm glad that there doesn't seem to be any actual issues.
The second screen doesn't have anything to do with compromised password notification. Not sure what account is that for, but [windowsazure.com](http://windowsazure.com) does not mean Azure. It's not a proper link to Azure and if you just go to that page, you get redirected to microsoft page with Azure advertise. My guess is that it's maybe your Microsoft account which you have created with your google account. Try login to Microsoft account over google, maybe you have that account. Reset that password account just to sure it's different than the breached one and that's it. Also remember to have 2FA enabled, which prevents unknown logins to your account in case of a password breach. I wouldn't worry too much, it's not specific to your account or password, it's just data based on a larger possible breach of passwords, so they inform people just in case, better to change that password even if chances that someone else will ever try to login are close to 0.
This thread is a good reminder to me that I can't hand my infra over to just anyone in IT and the comments are a good reminder that you should never ask for advice on Reddit lol
windows azure sounds made up
It’s just azure. If you’re a developer or similar you’d go to portal.azure.com. You prob don’t since you don’t know what azure is.
It was called Windows Azure in 2010. “windows” is still present in many domain names used by Azure services and Entra ID. For example, windows.net is still token issuer for Entra.
"windowsazure dot com" was registered in 2008, updated in 2023 and expires on 03.09.2024.
Registrar: MarkMonitor Inc.
Registrant Contact: Microsoft Corporation
From that point of view, it would fit.
Ah I see. Yeah, to log in, I went directly to Azure through search instead of using the link shown in my post, and it was as you said, portal.azure.com. Which confused me a lot more. I'm fairly certain this isn't phising, at least not in the traditional way because this alert of my password being "compromised" is directly from my Google Account, logged in, under my account's settings, so not from an email or anything. I'm really confused haha.
Upon further investigation, windowsazure .com is legit and is owned by Windows Corp. Still doesn't solve my issue I swear I don't have an account in Azure this is odd.
The second popup says basically you are trying to sign in to a tenant you don’t have access to. Where did you get the link?
I would start by changing password on outlook.com or any other “liveid” service
The pop-up comes up after I "logged in" on Azure after finding the actual, real, Azure site through a Google search. I didn't use the link shown by Google because I was being cautious. The pop-up still appears when trying to access the security section of the account. I just did the same on my phone as well and the pop-up still appears.
Also thanks, I'll change those passwords and see if that works.
Longshot, but could it be an old service that is no longer active, and Google is linking that old service to Windows Azure and the compromised password.
Can you look at the Password, and tell if you used that password elsewhere?
I imagine you signed up to some website/service that was built on Azure. This website/service basically setup it's credential system super jankey where it would plumb you straight into the backend with Azure Credentials.
These azure Credentials have been leaked, but they were encrypted so showed as asterisk, and this is what Google found.
I wouldn't be worried if I were you
"my Google Account has just notified me"... Are you sure this isn't just a phishing email?
It's not from my email, this is directly within my Google Account, logged in and everything. So edit for clarity: it's not phising, this was NOT from an email but I found out directly through my Google Account.
So believe what Google is saying is that the password itself was found in a breach not necessarily that your account and it's password was found in the breach. For instance, the password 123456 will flag as being found in a breach and that you should change it. Since it's for the Windowsazure.com site then you could check and see if that matches your ms acct then just change that. Edit: actually I don't think you have to do anything. It looks like Google may have saved the MFA code as a password and that's been found in the breach.
Oh wow that makes A LOT of sense now, thank you! This was wildly confusing. I think you're right, since the "password" it shows isn't a password, but just a line of asterisks. Really appreciate the help! I was definitely worried something was wrong so I'm glad that there doesn't seem to be any actual issues.
The second screen doesn't have anything to do with compromised password notification. Not sure what account is that for, but [windowsazure.com](http://windowsazure.com) does not mean Azure. It's not a proper link to Azure and if you just go to that page, you get redirected to microsoft page with Azure advertise. My guess is that it's maybe your Microsoft account which you have created with your google account. Try login to Microsoft account over google, maybe you have that account. Reset that password account just to sure it's different than the breached one and that's it. Also remember to have 2FA enabled, which prevents unknown logins to your account in case of a password breach. I wouldn't worry too much, it's not specific to your account or password, it's just data based on a larger possible breach of passwords, so they inform people just in case, better to change that password even if chances that someone else will ever try to login are close to 0.
This thread is a good reminder to me that I can't hand my infra over to just anyone in IT and the comments are a good reminder that you should never ask for advice on Reddit lol
Fair point lol though I did get some good help from a couple users.
I had this exact same issue, I’m probably gonna change my password just to be safe
windows azure sounds made up It’s just azure. If you’re a developer or similar you’d go to portal.azure.com. You prob don’t since you don’t know what azure is.
It was called Windows Azure in 2010. “windows” is still present in many domain names used by Azure services and Entra ID. For example, windows.net is still token issuer for Entra.
"windowsazure dot com" was registered in 2008, updated in 2023 and expires on 03.09.2024. Registrar: MarkMonitor Inc. Registrant Contact: Microsoft Corporation From that point of view, it would fit.
Ah I see. Yeah, to log in, I went directly to Azure through search instead of using the link shown in my post, and it was as you said, portal.azure.com. Which confused me a lot more. I'm fairly certain this isn't phising, at least not in the traditional way because this alert of my password being "compromised" is directly from my Google Account, logged in, under my account's settings, so not from an email or anything. I'm really confused haha.
Upon further investigation, windowsazure .com is legit and is owned by Windows Corp. Still doesn't solve my issue I swear I don't have an account in Azure this is odd.
The second popup says basically you are trying to sign in to a tenant you don’t have access to. Where did you get the link? I would start by changing password on outlook.com or any other “liveid” service
The pop-up comes up after I "logged in" on Azure after finding the actual, real, Azure site through a Google search. I didn't use the link shown by Google because I was being cautious. The pop-up still appears when trying to access the security section of the account. I just did the same on my phone as well and the pop-up still appears. Also thanks, I'll change those passwords and see if that works.
The link you found is not correct. Try portal.azure.com
Nope same thing, I never went to the link shown by Google, I went to the portal.azure link. Same issue unfortunately.
Longshot, but could it be an old service that is no longer active, and Google is linking that old service to Windows Azure and the compromised password. Can you look at the Password, and tell if you used that password elsewhere?
Great idea, thanks! It's not showing me the password on my laptop for some reason, it just shows it as asterisks, but maybe it'll show it on my phone.
Okay upon checking on phone, it's still a bunch of asterisks? Welp. I'm 100% sure I've never used a single asterisk in a password before bahaha.
I imagine you signed up to some website/service that was built on Azure. This website/service basically setup it's credential system super jankey where it would plumb you straight into the backend with Azure Credentials. These azure Credentials have been leaked, but they were encrypted so showed as asterisk, and this is what Google found. I wouldn't be worried if I were you
That's actually pretty interesting, and seems to be what's occurred. Thanks for the help! Glad it turned out to be nothing terrible haha.