Microsoft Mobile Authenticator Bypassed and Visual Studio 2022 VSIX Distributor Account Hacked

호진 이 0 Reputation points
2026-06-23T16:01:38.01+00:00

Dear Microsoft Account Safety Team,

I am writing this message regarding the service request SIR23861054.

In June 22th, 2026 4-6AM Korean Standard Time, I clicked a link generated by Claude and ran a Cloudflare captcha. The captcha ran CMD on my local machine and I had to reinstall Windows 11 before filing a request for an help. I created a new Microsoft account and linked the original email address of the hacked account to this account. I would like to provide further information about the accident and my personal information for the account ownership verification.

If account recovery is not possible even with the additional information, I would like to ask if the hacked Visual Studio 2022 vsix distributor page and the package can be taken down from the Visual Studio 2022 Marketplace? Or if this is not the place to ask for an help regarding this issue, please advise me where to ask.

Best Regards,

Hojin Lee ( UNKNOWN STRYKER )

Developer technologies | Visual Studio | Other
Developer technologies | Visual Studio | Other

A family of Microsoft suites of integrated development tools for building applications for Windows, the web, mobile devices and many other platforms. Miscellaneous topics that do not fit into specific categories.

0 comments No comments

1 answer

Sort by: Most helpful
  1. AI answer

    2026-06-23T16:02:18.5433333+00:00

    Account recovery and security review for a hacked Microsoft account, including accounts used for Visual Studio Marketplace publishing, is handled only through the official Microsoft account recovery and sign‑in support flows. Support agents and community moderators cannot directly access or restore accounts outside of those processes.

    For a hacked or compromised Microsoft account:

    1. Use the official hacked-account recovery guidance and tools
      • Follow the steps in How to recover a hacked or compromised Microsoft account, which include:
        1. Scanning the PC for malware and ensuring it is clean.
        2. Changing or resetting the Microsoft account password using the official flows.
        3. Reviewing and correcting account settings such as connected accounts, forwarding, and automatic replies.
      • Start from the sign‑in helper, which will ask for the email or phone and then guide through self‑help or offer a chance to talk to an agent: Start.
    2. If the hacker changed aliases, security info, or 2FA
      • When a hacker changes critical account data (aliases, recovery email/phone, or enables their own 2FA), recovery depends entirely on successfully completing the automated account recovery form.
      • As described in similar cases, if the security info has been replaced and the recovery form cannot verify ownership, the account is usually no longer recoverable and Microsoft Support cannot override this.
    3. Use the account recovery form thoroughly
      • Fill in the recovery form with as much accurate historical information as possible (old passwords, previous aliases, billing details, etc.), as this is the primary method used to verify ownership.
      • If a previous submission did not succeed, it is possible to try again from a different device or network, as suggested in the referenced guidance.
    4. If sign-in is blocked or unusual activity is detected
      • If the account is locked or blocked due to suspicious activity, follow the instructions shown at sign‑in (for example, links beginning with aka.ms/) and complete the requested verification.
      • If verification codes are not received or a “Try another verification method” message appears, follow the troubleshooting guidance in the verification-code article, including trying another verification method, another network, waiting for temporary blocks to clear, and using the sign‑in helper.

    Regarding taking down or disabling the hacked Visual Studio 2022 VSIX distributor page/package:

    • The provided context does not include a direct, separate process for requesting takedown of a Visual Studio Marketplace extension when the associated Microsoft account is compromised.
    • In similar hacked-account scenarios, moderators and support consistently direct users back to the same official account recovery and Microsoft Support contact channels and indicate that they cannot perform backend actions outside those flows.
    • Therefore, any request to remove or disable content associated with the compromised account (such as a VSIX listing) must be raised through Microsoft Support using the same official channels used for hacked-account and sign‑in issues. The sign‑in helper and account recovery guidance are the supported entry points.

    If account recovery ultimately fails (for example, because the attacker fully replaced security info and the automated checks cannot verify ownership), the referenced guidance indicates there is no further escalation path for restoring that personal Microsoft account or manually intervening in its content.


    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.