Share via

Account suspended after being hacked — Microsoft refusing recovery due to hacker-enabled TSV

Lloyd Kuehn 0 Reputation points
2026-06-05T00:29:30.64+00:00

My Microsoft account (******@gmail.com) was hacked. The attacker removed my security info and enabled Two-Step Verification to lock me out. I reported this to Microsoft, who suspended the account. Microsoft support (case 7103537161) has closed my ticket stating they cannot help because TSV is enabled — TSV that was set up by the hacker, not me. I have filed a reinstatement appeal with no resolution. I have years of personal photos and documents in OneDrive at risk of permanent deletion. I am looking for a Microsoft moderator or escalation contact who can review this case. What are my options?

Outlook | Web | Outlook.com | Account management, security, and privacy
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Darhyl Amizola 43,085 Reputation points Independent Advisor
    2026-06-05T01:10:29.63+00:00

    Hey there! Nice to meet you!

    I'm sorry you are experiencing this.

    Since the 2FA has been enabled by the hacker, I'm afraid there is no other working method to recover the Microsoft account or escalation for this case, and Microsoft Support cannot help either.

    Thank you for your understanding.

    Best regards,

    Darhyl

    Was this answer helpful?

  2. AI answer

    2026-06-05T00:29:59.3933333+00:00

    Microsoft personal account recovery is strictly controlled and support agents cannot bypass security mechanisms such as two-step verification (TSV), even when it was enabled by an attacker. When security info is removed and replaced, and TSV is enabled by the attacker, recovery is only possible through the official automated and escalation flows.

    Based on the available guidance, the practical options are:

    1. Use the hacked/compromised account recovery flow
    • Follow the official guidance for compromised accounts: How to recover a hacked or compromised Microsoft account.
    • Start with the sign-in helper tool, which will route to self-help or an agent depending on what is possible for that account.
    • If sign-in is not possible because of TSV and removed security info, proceed to the account recovery form when prompted.
    1. Complete the account recovery form as thoroughly as possible
    • Use the account recovery form referenced in the compromised-account article (the form is the primary method Microsoft uses to verify ownership when normal sign-in and security info are unavailable).
    • Provide as much accurate historical information as possible (old passwords, subject lines of emails, contacts, billing details, etc.).
    • If the form is rejected multiple times, the account is treated as non-verifiable and cannot be recovered; support and moderators cannot override this.
    1. If the account is suspended/locked, use the reinstatement/unlock path
    • If the account was locked or suspended due to suspicious activity or violation of the Microsoft Services Agreement, follow the on-screen link that begins with aka.ms/ when attempting to sign in. This opens the account reinstatement form.
    • Submit the required information once and wait for the Microsoft Online Safety team to review it. Submitting multiple forms can slow the response.
    • For OneDrive-specific blocking ("Your account is currently unavailable"), use the Microsoft services account reset page to check status and attempt reactivation.
    1. Understand support and moderator limits
    • For locked or suspended Microsoft accounts, support agents and moderators are limited to what the automated systems allow. They cannot:
      • Disable TSV that is currently enforced on the account.
      • Manually restore removed security info.
      • Grant access to OneDrive or Outlook data without successful verification via the recovery systems.
    • Moderators on public forums (including Microsoft Q&A and Answers) cannot access or modify personal accounts and can only direct to the same official recovery and support channels.
    1. Contact support again only through official channels
    • If the recovery form and reinstatement form have already been used and the case was closed citing TSV, the only escalation path is still via official support:
      • Use the sign-in helper in the hacked-account article and follow any offered path to speak with an agent.
      • From there, ensure the existing case ID is referenced, but be aware that if the system flags the account as non-verifiable due to TSV and missing security info, agents may not be able to change the outcome.
    1. OneDrive data retention
    • For OneDrive accounts that are blocked due to suspicious activity or Microsoft Services Agreement violations, the block may be temporary in some scenarios, but if the account remains unrecoverable, data can eventually be deleted according to Microsoft’s retention policies.
    • There is no documented mechanism in the provided guidance for retrieving OneDrive content if ownership of the Microsoft account cannot be re-established through the official recovery processes.

    In summary, the only supported options are:

    • Use the hacked-account recovery flow and account recovery form.
    • Use the account reinstatement form (aka.ms link) for locked/suspended accounts.
    • Use the Microsoft services account reset page for OneDrive-specific blocking.
    • Work with official support via those channels; moderators and agents cannot bypass TSV or manual verification requirements.

    References:

    AI-generated content may be incorrect. Read our transparency notes for more information.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.