Microsoft accounts with no phone number are being locked
DebianProgrammer opened this issue ยท 104 comments
OS
Windows 10 Home x64
MultiMC Version
0.6.13-2517
Description of bug
On 9/5/2021, I migrated my Mojang account into a Microsoft one. Then yesterday, I opened MultiMC and added my Microsoft account and everything worked. Now today, I opened MultiMC and for some reason i needed to log in again. When i did, it gave me a error saying my account was locked (the error is the picture below). I went to the MultiMC discord and other people were also having the issue. Is it possible that MultiMC could be causing this? I have checked my recent activity in my Microsoft account and everything in there is what i just said.
This issue is unique
- I have searched the issue tracker and did not find an issue describing my bug.
my guess is this is related to being a new Microsoft account and unrelated to MultiMC, Facebook and Google are known for similar heuristics with new accounts
I knew it had something to do with heuristics, but i wanted to make you guys aware and any other people that may be having the issue. I just don't want to get locked again and not be able to get back in because my minecraft account is in that Microsoft account.
I'd appreciate if anyone else who runs into this issue would leave a comment here. It would be useful to know if this is only happening to people who have just created a new Microsoft account, or if there is something else going on here. From what I can tell, so far the few accounts that have been locked were newly created accounts.
Either way, this is pretty concerning. Hopefully it doesn't become a recurring issue.
As far as I'm aware, this is happening to many (all?) new accounts that are created without a phone number. Old accounts without a number seem to work fine (for now).
I tried creating a Microsoft account in preparation for the migration a few months ago (not used for anything), and it was locked. For another new account, I tried adding 2FA with TOTP immediately after account creation, and the account was also locked within a few days.
I did not use a VPN/similar to create the accounts. (I did use Firefox on macOS with privacy.resistFingerprinting on and third-party cookies blocked, however, when creating both accounts - I wonder if a more typical browser configuration or if creating the account as a Windows 10 user account would be less likely to set off the lock.)
MultiMC did not touch either of these accounts at all, so this doesn't seem like it's related to MultiMC, but rather just Microsoft requiring phone numbers to be associated with some/most/all new accounts in a roundabout way (which isn't very fun...).
E: Also, someone on r/minecraft claimed that Microsoft support told them that all new accounts require a phone number (https://old.reddit.com/r/Minecraft/comments/nvjcit/possible_big_change_coming_with_account_migration/). I'm not sure whether this is true, but I wouldn't be surprised.
I'd appreciate if anyone else who runs into this issue would leave a comment here.
Yeah. I created two MSA accounts for two of my accounts on the fifth and migrated immediately after, and added TOTP to it but no phone number. It's now required me to put in a phone number to both to unlock them. I seem to be unable to use the same phone number for multiple accounts (I only have one phone number but multiple MC and MSA accounts), meaning that my other MSA account is locked for good now.
edit: I have the same browser config as the person above and the person below me.
(I did use Firefox on macOS with privacy.resistFingerprinting on and third-party cookies blocked, however, when creating both accounts - I wonder if a more typical browser configuration or if creating the account as a Windows 10 user account would be less likely to set off the lock.)
i also have the same browser config
As far as I'm aware, this is happening to many (all?) new accounts that are created without a phone number. Old accounts without a number seem to work fine (for now).
I tried creating a Microsoft account in preparation for the migration a few months ago (not used for anything), and it was locked. For another new account, I tried adding 2FA with TOTP immediately after account creation, and the account was also locked within a few days.
...
E: Also, someone on r/minecraft claimed that Microsoft support told them that all new accounts require a phone number (https://old.reddit.com/r/Minecraft/comments/nvjcit/possible_big_change_coming_with_account_migration/). I'm not sure whether this is true, but I wouldn't be surprised.
Alright, so the lack of a phone number seems to be the common factor here instead of just the age. I wish we had more to go on than what some guy said support told him, but such is life.
Not sure what we can even do about this aside from telling people to add a phone number to their accounts and begging Microsoft to stop this nonsense. Even worse, if you have no phone, I guess you're just SOL.
Anyway, now I'd be interested to hear from anyone whose account has been locked even with a phone number on it, since that would suggest something else going on either instead or in addition to the phone number issue.
For what it's worth, here's my experience.
I'm on Linux and I've had the Microsoft account I use for Minecraft for years. It doesn't have a telephone number associated with the account, as that is used for another Microsoft account I have. However, it does have an email account from a different provider associated and is used for confirmation purposes.
I'd been using MultiMC Dev with the MS account, without issue, for a couple of weeks. Then, for some reason I had to log in to my MS account again. I believe that was just after MultiMC changed the way they handled the MS account integration. At that point I received the account locked message from the OP.
In my case, I just had to enter the secondary email account mentioned above and my account was unlocked. That was a week or so ago and it's been working fine since.
I seem to be unable to use the same phone number for multiple accounts
Maybe you can use a service called TextNow to get a throwaway phone number (which has texting features) and unlock your account using it?
Alright, so the lack of a phone number seems to be the common factor here instead of just the age.
I do want to clarify that the "few months ago" simply means that I created the account a few months ago and it was locked a few months ago - it didn't take a few months for it to lock, it took a few days. I said what I did about the old accounts because I realized afterwards that I had an old Microsoft account that I forgot about, and when I looked in its info, there was no phone number there. However, it's unlocked and working (for now).
A summary about my old, working account:
- It has no phone number in the account info
- It was made several years ago (don't remember exactly what year, but I think it was around the time Mojang began giving out free Minecraft for Windows 10 codes for those who already had Java Edition)
- It has an email from a third-party attached to it
- It was not made with any strange browser configuration (I think I used Chrome, but I don't remember exactly)
- It has been used to login to the Windows Store app on Windows 10 before
- I have NOT migrated my Mojang/Minecraft account to this account yet, so MultiMC has not touched it
All of this to say, I have no idea what (didn't) trigger a lock.
As far as I'm aware, this is happening to many (all?) new accounts that are created without a phone number. Old accounts without a number seem to work fine (for now).
I tried creating a Microsoft account in preparation for the migration a few months ago (not used for anything), and it was locked. For another new account, I tried adding 2FA with TOTP immediately after account creation, and the account was also locked within a few days.
...
E: Also, someone on r/minecraft claimed that Microsoft support told them that all new accounts require a phone number (https://old.reddit.com/r/Minecraft/comments/nvjcit/possible_big_change_coming_with_account_migration/). I'm not sure whether this is true, but I wouldn't be surprised.Alright, so the lack of a phone number seems to be the common factor here instead of just the age. I wish we had more to go on than what some guy said support told him, but such is life.
Not sure what we can even do about this aside from telling people to add a phone number to their accounts and begging Microsoft to stop this nonsense. Even worse, if you have no phone, I guess you're just SOL.
from @wafflecoffee:
I seem to be unable to use the same phone number for multiple accounts (I only have one phone number but multiple MC and MSA accounts), meaning that my other MSA account is locked for good now.
@Forkk all of this phone number non-sense is actually worse, especially the part where a phone number is considered unique and cannot be re-used for other accounts, someone I know got locked out of her MS account, which was newly created for Minecraft, but the thing is, she had another MS account long ago that got deleted, and it had the phone number associated to it, and now she can't link the phone number to her current new account.
Well, this is pretty disappointing. I'm hoping Microsoft will rethink this policy, but there isn't really much we can do about it from our end.
I'm going to close this now, as it's pretty clear that MultiMC is not causing this issue.
If I learn anything new about this situation, I'll post an update here.
I just came across this issue on here as well as saw that the reddit thread I commented on got linked here, so I figured I'd chime in here about this issue.
Microsoft accounts without phone numbers being locked has been happening for a few years now, and the age of the account does not matter (currently you're more likely to encounter the phone number prompt during the initial account creation). Even worse is that it happens after a random amount of time too and can happen when doing anything with the account (I had an old MS account my sister wanted to use to play Minecraft Bedrock and the account got locked and demanded a phone number the moment she signed in to the game with it; before that it would work fine without a phone number). Since this is something Microsoft intentionally implemented on their account system, you may also encounter this issue in the official Minecraft launcher as well.
Unfortunately the only solution is to provide an SMS-capable phone number when prompted to do so. This also means that it will soon be almost impossible to legitimately play Minecraft Java Edition without providing an SMS-capable phone number.
Why is Microsoft doing this? It's the same reason most other large services (Facebook, Twitter, Google, Discord, etc.) now require you provide a phone number to create an account: they want to tie the account to a real-life identity, most likely for data collection purposes, government laws and regulations, or something more nefarious we don't know about. They could also be planning to enforce more strict guidelines like on the Bedrock Edition, and making alternate accounts far more difficult (and expensive) to create and maintain is the perfect first step in doing so.
Why have they not bothered to mention in the official migration FAQs and content that you basically need a phone number (several if you have alternate accounts) to continue playing the Java Edition? It's simple: the vast majority of people out there (including people that play Minecraft) simply do not care about privacy or security and are used (and conditioned) to giving away their personal phone number to various companies without questions or concerns. Said people also rarely or never use alternate accounts.
Whether or not Microsoft or Mojang will actually change anything or clarify anything in the future is unknown. The only way Microsoft or Mojang would change anything quickly is if there were to be massive backlash from the community about the phone number requirement, which may never happen.
This requirement must be removed for Minecraft, imo. Even the devs have multiple accounts and needing multiple unique phone numbers is not reasonable.
It's that, or finally doing multiple profiles per account.
I completely agree that Minecraft should be exempt from the SMS-capable phone number requirement. But sadly Mojang/Microsoft will never do it since the vast majority of the community does not care about giving away their phone number and other personal information. Also they will never allow you to have multiple Minecraft profiles per Microsoft Account as it would make it easy and cheap to bypass bans from servers. It would also be bad anyways since it means an attacker gets access to all your Minecraft profiles if your MS account gets compromised in any way (through SIM-swap attack, social engineering, phishing, etcetera).
Unfortunately there is basically no way we can change anything now (like getting the SMS-capable phone number requirement removed). Posting about this on the Minecraft subreddit won't work since the post will just get buried and downvoted by the people that don't see any issues with Microsoft's practices. Other subreddits like r/privacy will probably remove it under the "already covered" rule and because Minecraft technically falls under e-sports. None of the big Minecraft YouTubers are probably interested in even covering this issue since it probably doesn't affect them (they have the money to maintain alternate accounts under the new system). Tweeting or contacting the Minecraft developers won't get anywhere since they probably don't have any control over the account migration and its requirements.
The only thing we can really do now is notify other people about what Microsoft's is doing.
My account had the same problem, it was new and had a fresh migration. (sorry for the late comment forkk)
You might remember me (as Raddah18 on discord) that I had to create a lot of MSA accounts and I followed their docs (3 per day) and they got locked anyway. Still need to unlock 28 more, all of my other alts has been migrated successfully! Good luck everyone!
This is mental. Can't we just sue them or something? I already paid for my 2 accounts and now they want more from me. A phone number is valuable personal information...
@Forkk, in reply to your comment;
My MS account is approx 5 - 7 years old. My Mojang account is fairly old too (beta or even alpha can't remember) and yet even I got hit with a locked account/phone number verification requirement.
This is not just for new accounts, either MS or Mojang.
Edit:
The only thing that I can think of that might have trigered this is that MultiMC is unverified (see attached)
The only other service that has access is Samsung (MyFiles) and that isn't unverified so ๐คท
i think i deeply regret my migration now cause now my alt account is locked by microsoft, and only can be given back access if i provide my phone number.
edit: i've decided to disassociate my phone number with a microsoft that I don't even use for minecraft, and gave the phone number to microsoft. i then went into the settings to find my phone number nowhere to be found. suspicious
edit: i've decided to disassociate my phone number with a microsoft that I don't even use for minecraft, and gave the phone number to microsoft. i then went into the settings to find my phone number nowhere to be found. suspicious
Look under https://account.microsoft.com/profile when signed in with that account and you will see it there.
I'm reasonably sure it's the unverified status of MultiMC that's triggering this.
furthermore ,it's not a phone number requirement, but an unlock requirement. if your account has a secondary email, it will use that instead of a phone number.
I think it's this.
https://docs.microsoft.com/en-us/azure/active-directory/develop/mark-app-as-publisher-verified
yes, this means you have to publish MultiMC5 on the MS store to make a version that works properly with MS Auth.
That's their real objective here.
As requested by a previous respondent to the OP I am also having this issue. For the last four or five days I've been randomly kicked off the MC server (privately owned, not realms) and told that the MS account was logged out and I would have to manually log in again. I haven't had anything asking me for a phone number yet... But it is getting kinda shitty.
I'm reasonably sure it's the unverified status of MultiMC that's triggering this.
furthermore ,it's not a phone number requirement, but an unlock requirement. if your account has a secondary email, it will use that instead of a phone number.
I think it's this.
https://docs.microsoft.com/en-us/azure/active-directory/develop/mark-app-as-publisher-verified
yes, this means you have to publish MultiMC5 on the MS store to make a version that works properly with MS Auth.
That's their real objective here.
What if it's both? Like something is wrong with the MultiMC API key (which are backed by the "ToS violation" message and maybe the unverified status of the app) AND M$ being aggressive on locking out phone-number-free accounts that are newly registered or with sudden service change (which sounds very M$).
Either way it's Extinguish$oft at its finest again ๐คฎ
I've been watching this thread with building dread for migrating my Mojang account. I have a relatively old Microsoft account that was most likely made on an Xbox 360. Logging into my Microsoft account today (using Edge, by clicking on the "Manage my Microsoft account" from W10 Settings) I confirmed that I do not have a phone number registered on my account. I don't believe that I have ever registered a phone number, but I cannot be certain of this. If I did, I removed it because I changed my phone number.
A summary of my account information:
- Most likely created on an Xbox 360, if not then via a typical browser configuration
- Third-party email address
- No phone number currently associated, and I don't believe one ever has been
- Used on an Xbox 360 in the past
- Currently used as a user account on Windows 10 (although I don't log in with it; I'm not an expert on the login system but I use a local password)
- I have yet to migrate my Mojang account (which was migrated from a "Legacy Minecraft Account" back when that happened)
As far as I can tell, this puts my account in a very good position to not become locked and thus require me to add a phone number. However, I'm inclined to wait as long as possible to avoid giving Microsoft my phone number. As most everyone else here, I think it's an awful practice. Unfortunately I also agree that it's unlikely they'll stop; we are the vocal minority.
It seems like we need a control here; someone who migrates their Minecraft account and never attempts to use it with MultiMC. If that account doesn't get locked for a decent period of time, it's likely that @zaphod77 is correct that the unverified status of MultiMC is triggering this. Ultimately, I'm willing to be a guinea pig if verification is on the table. I have no idea what that entails: it might be too expensive, time-consuming, or otherwise not feasible for MultiMC's maintainers.
I would migrate my account right now, except I want to continue using MultiMC ๐ and I have no alt accounts. So, if verification is a possibility: please mention me here and I will (eventually) migrate my account and abstain from MultiMC for the foreseeable future.
It seems like we need a control here; someone who migrates their Minecraft account and never attempts to use it with MultiMC.
Actually it's better if we have more data other than 1 since the ban might work on heuristics and are not always 100% guaranteed. In any case, we do need more data. Maybe also monitor the forums/reddit/etc. for any bans occurred on official clients?
What I can say about my findings, newly created accounts gets locked after a week, I confirmed it with my friend's alts. Same thing with my alts aswell, its not due to the @domain.tld email, one of my @gmail got locked aswell. Since last 2 months all my alts are unlocked so I'm pretty happy now, but for the others rip if they cannot migrate or cannot unlock ><
so these new accounts are getting locked after a week with the tos violation message when not using multimc5 or any other unverified app that has the same permissions?
What I can say about my findings, newly created accounts gets locked after a week, I confirmed it with my friend's alts. Same thing with my alts aswell, its not due to the @domain.tld email, one of my @gmail got locked aswell.
Did you use any/some/all of these accounts with MultiMC?
What I can say about my findings, newly created accounts gets locked after a week, I confirmed it with my friend's alts. Same thing with my alts aswell, its not due to the @domain.tld email, one of my @gmail got locked aswell.
Did you use any/some/all of these accounts with MultiMC?
No. I created those emails before starting the migration process and they got locked after a week, despite following their terms (about rate limiting on how many accs I could create).
2 days ago i migrated my minecraft account (that i bought 4 years ago) to microsoft. Today i got banned for no reason and i had to give my phone to unban myself.
Btw i have original minecraft launcher.
2 days ago i migrated my minecraft account (that i bought 4 years ago) to microsoft. Today i got banned for no reason and i had to give my phone to unban myself. Btw i have original minecraft launcher.
Just curious: How old is your Microsoft account?
apparently playing minecraft without a phone number counts as unusual activity.
people are being told to borrow their friends cellphone to do the unlock!
It seems this really is MS trying to leverage minecraft popularity to get phone numbers. :(
Thank you for sharing @RusskiyChel!
Maybe also monitor the forums/reddit/etc. for any bans occurred on official clients?
@dogtopus this has never been a solely MultiMC problem; see this reddit thread from June 2021 for example. Although it's possible that Microsoft has a heuristic that results in (whether accidental or intentional) MultiMC accounts being locked more often, this is without a doubt happening across the board. So there's nothing MultiMC can do unilaterally to fix this, although if MultiMC being unverified does have an effect then getting verified would probably improve the situation.
Just Microsoft being Microsoft. The whole "Microsoft Services Agreement" violation is probably BS if people using the official launcher get the same lock message. Why would their own launcher violate their terms?
MS really needs to fix this, since pretty sure demanding a phone number on a microsoft account created for minecraft by a 10 year old (e10+ game rating) probably violates COPPA.
So there's nothing MultiMC can do unilaterally to fix this, although if MultiMC being unverified does have an effect then getting verified would probably improve the situation.
Yes. That's what I mean by both since M$ is pretty well known for its anti-fraud system to get triggered on nothing. However if MultiMC being unverified somewhat made things worse, that's probably something that MultiMC can fix.
MS really needs to fix this, since pretty sure demanding a phone number on a microsoft account created for minecraft by a 10 year old (e10+ game rating) probably violates COPPA.
Pretty sure they will ask for parents' phone to be compliant with COPPA.
just seems silly a game rated e can't be played anymore without a phone number on PC. it's quite messed up.
also i think it's rather unlikely this app even could get verified, and ms is unlikely to ask if it will help.
Oh and to get an actual "kids account" that will work and not get locked, it seems you need your parent to do credit card AVS to consent for it's creation for 50 cents (not kidding). and yes, this is their COPPA compliance which lets kids play video games.
(emphasis mine)
also i think it's rather unlikely this app even could get verified, and ms is unlikely to ask if it will help.
What do you mean by this (the bolded portion)?
Oh and to get an actual "kids account" that will work and not get locked, it seems you need your parent to do credit card AVS to consent for it's creation for 50 cents (not kidding). and yes, this is their COPPA compliance which lets kids play video games.
I believe that most everyone here agrees with you that Microsoft should change their policy. You're preaching to the choir ๐ฅฒ
How old is your Microsoft account?
I created it at the time of migration.
(emphasis mine)
also i think it's rather unlikely this app even could get verified, and ms is unlikely to ask if it will help.
What do you mean by this (the bolded portion)?
i meant that MS is unlikely to help out there if asked. just really bad typing.
Verify third party launcher for Minecraft? yeah, no...
Adding my own anecdote here: I migrated to M$ account a few days ago and so far no ban yet. The account I use is old enough to the point that I forgot how old it is and presumably without a phone officially linked to it. Although M$ should already know my phone # by spying my years worth of emails so I won't really feel more uncomfortable linking it officially in case of a ban . I use both MultiMC and one of my custom "Launcher" build with API key generated from the same account. I never used vanilla launcher after the 1.9 update IIRC.
From the previous ban record, I think I should be in the safe zone (not new Mojang+M$ account with a ton of real activities, with proper account security enabled, etc.) if MultiMC does not really contribute significantly to the ban.
I'll keep tracking it and update if there's a ban in the future.
A little more than a week ago, I tried making a new Microsoft account, added a recovery email to it, turned on 2FA with TOTP, and didn't do anything else with the account (though I did login every few days to see if it locked). It still isn't locked, though the other accounts I made and mentioned in an earlier comment were all locked within about a week. (I guess it's possible that I just haven't waited long enough and my account will lock any day now, rendering the rest of this comment moot, but I digress)
The difference with this account was that I used a new Firefox profile which did not have privacy.resistFingerprinting enabled to create the account.
I think this configuration option has something to do with it, considering that 3 of the first few comments in a row (including mine) mentioned that they used it, yet the percent of people who use Firefox is quite small (~8% for desktop browsers according to StatCounter), and the percent who use privacy.resistFingerprinting, a hidden config option, is way, way tinier. If this indiscriminately affects all MS accounts, then you'd assume most of the people who have this issue would use Chrome, since most people in general use Chrome as their browser. I assume there's some sort of threshold for whether an account should be locked, and using privacy.resistFingerprinting alone will reach that threshold. (The lock happens after a few days, likely to make it harder to tell why it was locked.)
I'm curious if anyone can confirm that their account has been locked and is asking for a phone number who does NOT use either privacy.resistFingerprinting on Firefox, nor a VPN/similar? If your account has been locked and you do not use either of these, then:
- What did you use to make the account (e.g. Firefox, Chrome, Edge, Xbox, Windows 10 account, etc.)?
- If applicable, do you have any browser extensions/any other config options for privacy that affect the browser you used to make the MS account?
- Was the MS account made on a network shared by many people (e.g. public WiFi, a school, work, etc.)?
- How old was the Microsoft account when it got locked?
- About how old was the Mojang/Minecraft account when you migrated it (if you did so)?
- Was 2FA enabled on the MS account?
- Was a separate recovery email added to the MS account?
- Did you login to the MS account with MultiMC? If so, how long did you do so before the account got locked?
Also, could anyone who's facing this issue and uses either privacy.resistFingerprinting and/or a VPN react to this comment with a ๐๐ผ to count those too? Anyone who doesn't use either of those can leave a ๐๐ผ
tl;dr: No guarantees, but if you want to lower the risk of your account getting locked and asking for a phone #, my hypothesis is that you shouldn't use anything like a VPN or privacy.resistFingerprinting to create or login(?) to the MS account.
I think you might just got lucky since M$ new account ban should not be 100% guaranteed or more people will start complaining (probably). It might contribute to the ban though (along with tracking protection, adblocker, etc.) and it's pretty hard to tell unless we got a lot more data.
Anyway for me I did use firefox and I just confirmed that privacy.resistFingerprinting is off. Although I do have tracking protection enabled and I do all non-constant logins in private windows (including Minecraft and M$ account).
MS really needs to fix this, since pretty sure demanding a phone number on a microsoft account created for minecraft by a 10 year old (e10+ game rating) probably violates COPPA.
And in the EU it probably violates the GDPR, also it is rated PEGI 7.
EDIT: Whoops, pressed enter early. The GDPR is also still in force in the UK as far as I know. Also, I haven't had a ban, (I have a second email registered on my Micro$h*t account) on my migrated account (yet).
Has this somehow stopped being a concern since the last comment...?
Yeah, can somebody please give evidence as to how this is no longer considered a concern?
Yeah, can somebody please give evidence as to how this is no longer considered a concern?
Not sure if apparently people started to complain less about it is considered an evidence...
Not sure what you three are talking about, nobody said anything changed. There's just nothing for MultiMC to do about it and everything that needs to be said has been said in here.
Not sure what you three are talking about, nobody said anything changed. There's just nothing for MultiMC to do about it and everything that needs to be said has been said in here.
That is a good point, but I don't see why it should be unpinned.
So this shit is MultiMCs fault? I just got my +10 year old account locked after being forced to creating this Microsoft account and then logging in the first time.. And there's of course now way of contacting anyone at Microsoft.
This is just great!
So this shit is MultiMCs fault? I just got my +10 year old account locked after being forced to creating this Microsoft account and then logging in the first time.. And there's of course now way of contacting anyone at Microsoft.
This is just great!
It's not a MultiMC issue, it's a Microsoft policy that affects all Microsoft Accounts regardless of age. If they think the account is potentially a burner/alt-account or otherwise suspicious in any way they lock it and require SMS verification to unlock it, which gives them whatever real-world identity is associated to the phone number (it's public information just so you know). In my opinion the entire point of the Migration was to kill off anonymous alternate accounts and as gather as much data as possible from all the people that play the Java edition.
I don't understand how they can't understand that this is going to cause a major upstream in piracy of Minecraft. It's not like we're going to keep buying Minecraft every time they ban our accounts...
I don't understand how they can't understand that this is going to cause a major upstream in piracy of Minecraft. It's not like we're going to keep buying Minecraft every time they ban our accounts...
Mojang/Microsoft clearly understand and know what they're doing, they just don't care because the amount of players that actually care about the issue and would do something about it is tiny compared to the amount of players that don't care at all.
I would like to apologise for blaming MultiMC here. I jumped the conclusion way to fast.
I assume that the issue was that I was using a VPN. And this is against Microsofts terms of service? I was able to solve it by waiting a day and then trying again, only this time without my VPN and with a borrowed phone number from a friend. I then got the code via text message and I could finally get my account back.
I assume that the issue was that I was using a VPN.
VPN can certainly be "suspicious" in M$'s eye since the IP may come from a datacenter and they might just assume that it's a bot.
Ran into this problem, and I'm perfectly aware it's not MultiMC's fault, but I'd like to suggest to anyone in EU having this problem that they should send a GDPR request. If Microsoft would like to harvest phone numbers to preempt abuse, they should say so, not accuse people of unspecified TOS violations. If you have been accused of unspecified TOS violations, I think it's perfectly justified to send them a request for details since it's very much about your personally identifiable information.
Microsoft made the place you can send privacy law-related requests hard to find, but here it is:
https://www.microsoft.com/en-us/concern/privacyrequest-msa
You don't have to be a lawyer, I'm not, and I've successfully sent GDPR requests to many companies. Though I think it's a good idea to stay reasonably formal.
Ran into this problem, and I'm perfectly aware it's not MultiMC's fault, but I'd like to suggest to anyone in EU having this problem that they should send a GDPR request. If Microsoft would like to harvest phone numbers to preempt abuse, they should say so, not accuse people of unspecified TOS violations. If you have been accused of unspecified TOS violations, I think it's perfectly justified to send them a request for details since it's very much about your personally identifiable information.
Microsoft made the place you can send privacy law-related requests hard to find, but here it is:
https://www.microsoft.com/en-us/concern/privacyrequest-msa
You don't have to be a lawyer, I'm not, and I've successfully sent GDPR requests to many companies. Though I think it's a good idea to stay reasonably formal.
That's a good idea. Would anyone like to share a general message that we can copy paste? :)
Fully aware this issue is pretty moot but just throwing in that I've been hit with this too. Migrated my 2 accounts on Friday, and suddenly there's a lock on the one. I've held these accounts for a long time but they've both been placed into brand new microsoft accounts, as I did not have anywhere else to put them. Which is really annoying considering I just want to play the game I paid for. I'll skip that rant though.
I was able to sign back in by giving a phone number. I'm hoping this won't lead to more issues down the line. But just in case anyone is wondering, yes this is apparently still an issue.
To everyone here who had an account being locked:
Could you please tell me if any of you used the official launcher when that happened?
I'm trying to figure out if it's solely related to using not the official launcher and hence be deemed "suspicious activity", or if it happens regardless.
You can also contact me privately on Twitter (DMs are open, you don't have to follow me), or Reddit, or InstaGram - my handle is there "LapisDemon" as well.
Thank you very much in advance.
Meri
@LapisDemon just like pizza4554, i migrated 2 mojang accounts and the alt account got locked out (confirmed here). i think i migrated my main first, then my alt second.
this raises a question for @pizza4554 (who did something similar to me, mostly): did the second account you migrated get locked? or is it the first one? did you also migrate one after the other and create new microsoft accounts one after another?
(speculation: registration on the same ip address, causing account locks and requiring verification due to too many new accounts created. no guarantee that will apply to every single situation)
i was not using the official launcher (multimc), and so didn't notice that i could migrate (until i went to the minecraft.com account page, which is where i started migrating)
i migrated one account after another, both onto a newly created microsoft account with it's own unique email address (duckduckgo private email, also does not match with the previous set email addresses as in the mojang account) and both with similar auth requirements (2 step whatever).
i did however, had to give my phone number to the account that was locked (alt). i then proceeded to check if the phone number has been added to the account, and to my surprise, no. it just got voided and the purpose for the phone number was just a check.
Microsoft loves to lock newly created Microsoft Accounts not due to the launcher used or migrated with. I warned my friends when they migrated their alts that after a week they will get locked
is it 100% true that only newly created MS accs get locked? I've read from a few people it also happened with old accs created before MCJE migration even was announced, and it's difficult to figure out what triggered their "suspicious activity" system.
is it 100% true that only newly created MS accs get locked? I#ve read from a few people it also happened with old accs created before MCJE migration even was announced, and it's difficult to figure out what triggered their "suspicious activity" system.
From my assumption, yes. Two of my friends migrated their account recently to a newly created MS account and after a week (or less, idk) they got locked.
Weird, as I've read also otherwise. I guess I'll have to ask in a video about it to try to figure out if this is truly solely new MS accs.
It's obvious why this is being done, if you know what Microsoft plans in general (not solely in relation to MC or MCJE), but in order to be able to get a clear view on this occurrence, I'd love to have some bigger stats to be sure about the circumstances.
Thanks to everyone who might help clearing this up over time, I'll try what I can do to ask others outside of this thread.
this raises a question for @pizza4554 (who did something similar to me, mostly): did the second account you migrated get locked? or is it the first one? did you also migrate one after the other and create new microsoft accounts one after another?
It was actually the one I migrated first that appeared to get locked. Incidentally, this was the newer of the two Mojang accounts, but it was the one I migrated first making it the older Microsoft account (albeit by a matter of minutes). I haven't actually checked my other one. I will have to do that when I get an opportunity.
Either way, I'm inclined to agree that this is about something else. The whole thing just seems really odd.
Sorry for longer post in advance, this topic is a bit complex, and I'm not native English.
I just asked some of my buddies, one already replied to me that, yes, this also happens with the official launcher, as he only had used the official launcher.
He wrote exactly: "New MS accounts get locked. I got my account locked before migration was a thing when signing in to BE, also when I created an account to test out the game pass"
I asked those people who contacted me privately about this issue since a couple months, and if anybody would say otherwise than the aforementioned buddy of mine, I'll let you know.
Wish I could write this in a spoiler for those not interested in some more background intel:
I've been following this thread silently nearly since it was created for a good reason, and tried own means online, e.g. here as well as also IRL, to get to the bottom of this and more related issues, to try to improve on all issues all MS account holders are facing, Minecraft players or not.
I intentionally didn't mention phonenumber collection this far, neither in said Redditpost, nor in any other public medium - this is the first place where I do that now.
I currently work on a video where I also ask those who see it to contact me privately, in case their MS acc got or will be locked - I didn't mention, why, though - yet.
As soon as I got more people getting back to me so I can get a clearer picture, I'll let you guys know, if still needed (if my and my buddies' current assumptions are proven wrong that this affects/will affect at least all newly created MS accs; potentially, somewhen, all MS accs, unless they already provided a mobile phone number that is stored inside one's MS acc, e.g. via 2fa).
I could give you my elaborate thoughts of my research thus far on this matter, more than just simply stating:
Currently, it looks as if any new(er) Microsoft account will get eventually locked, and this has nothing to do with MCJE migration, any form of "suspicious activity" or the likes, but just with the MS acc itself.
Since 2013, I've more intensely researched Microsoft, so if you really want to know the reason why they demand phone numbers, I can elaborate, but I'm not sure if this is the right place and time.
Greetings, and again thank you in advance for any help.
Meri
I can believe that MS is trying to force phone numbers onto all accounts. But on the other hand, minecraft is played by kids too young to collect phone numbers from, and each person in the house needs an account.
So something is not right.
I can believe that MS is trying to force phone numbers onto all accounts. But on the other hand, minecraft is played by kids too young to collect phone numbers from, and each person in the house needs an account.
This is exactly one of the reasons why parent accs exist, where parents ought to put their child under.
There's a migration FAQ how to migrate your child's MCJE acc/integrate it into your family MS acc.
Children will eventually outgrow, become adults, and as they are already accustomed to the MS eco system, are likely to stay there and can then finally be used for targetted advertising.
I'm saying this since 2014, that MS didn't buy a game, but (a) generation(s).
And the generations thereafter.
To everyone here who had an account being locked:
Could you please tell me if any of you used the official launcher when that happened?
I'm trying to figure out if it's solely related to using not the official launcher and hence be deemed "suspicious activity", or if it happens regardless.
You can also contact me privately on Twitter (DMs are open, you don't have to follow me), or Reddit, or InstaGram - my handle is there "LapisDemon" as well.
Thank you very much in advance. Meri
Has anyone actually gotten a confirmed lock who has only used official launchers? I suspect there IS a specific exception for accounts created just to play Minecraft, but authorizing MultiMC removes that exception, and triggers the lockdown.
Not sure if this counts but the old MS account that I created to try out the Bedrock Edition (back when it was free and named Windows 10 Edition) got locked and demanded a phone number when my sister used it to play Minecraft Bedrock (the official UWP app through Microsoft Store) on her Windows laptop. The account worked fine everywhere else until she used it to specifically play the game, and she never used the account with any 3rd party programs and websites.
My sister also migrated our old Mojang account to another MS Account (her personal one) last month, however she has not used it in a little while so neither of us know if the account has been locked with the phone number requirement or not. I also do not know if my sister has ever added a phone number to her personal account or if it was ever locked with the phone number block either, but I'll try to find out.
Hello everyone, here is first feedback, as mentioned.
I was contacted privately by some, hence I'll copy & paste a public YT comment instead, as what they say is 100% congruent with those private messages thus far:
I migrated my account. Had to create a fresh account, I made a new Microsoft account as I migrated (MS account created after I clicked the migrate button for the first time).
I used the same email that I used with Mojang to sign up for the MS account..
The next time I tried to log in my account was locked.
It was never used since sign up. It forced me to add my mobile number.
There was no message as to why it was locked, and it instantly unlocked when I hesitantly put in my number.
Pretty sure they just wanted my mobile number to add to their data...
To add to that:
None I asked used anything like alternate launchers, VPN or anything that could have triggered a "suspicious activity" MS ban- or rather lock-hammer.
All thus far also have in common that they were relatively new MS accs, and that they were locked within roughly a week upon registering the MS acc; some like the quoted YT commentator reported that they just registered the MS acc, left it alone (for more than a week) and upon trying to login again, they received the lock.
Others reported they did migrate and play normally, didn't use any alternate launchers nor mods, but also gotten an acc lock with mandatory phone number message.
Seems to hint that at least not using a new MS acc within that 1 week period could be one of the factors triggering the lock, but this is pure speculation currently.
But that even those who used the MS acc within that week received an acc lock, seems to hint that this is a method by design.
Also speculation on my end, but the cases where this is happening are piling up, hence the chance for being "accidentally" seems more and more unlikely - at least to some people including myself.
In case you haven't already, I strongly advise anyone with a MS acc who didn't insert a phone number yet voluntarily and doesn't want to, e.g. out of privacy concerns, to immediately Generate a RECOVERY CODE.
- You can do so via account.microsoft.com/security
- On the "Security" page, click the "Advanced security options" field, it could be currently the third from left.
- Scroll to the very bottom of that page
There you see:
Recovery code
You can use this code to access your account if you lose access to your sign-in info.
Print this out and keep it in a safe place or take a picture of it.
Generate a new code
^^^ Click "Generate a new code"
If you do, a kind of inline-popup should appear with your Recovery Code, a long code consisting of 5 pairs with 5 chars each, both letters and numbers.
You can print it out, and, frankly, I definitely would, and store it safely on real paper plus other safe methods.
Next time MS might lock you out, instead of giving a phone number, it should be possible to use that Recovery Code instead.
At least that's what I hope, I haven't been able to verify this yet.
If any of you might run into this issue and have had a Recovery Code and it saved you to add a phone number, please let me know.
Thank you very much,
Meri
Hello everyone, here is first feedback, as mentioned. I was contacted privately by some, hence I'll copy & paste a public YT comment instead, as what they say is 100% congruent with those private messages thus far:
I migrated my account. Had to create a fresh account, I made a new Microsoft account as I migrated (MS account created after I clicked the migrate button for the first time).
I used the same email that I used with Mojang to sign up for the MS account..
The next time I tried to log in my account was locked.
It was never used since sign up. It forced me to add my mobile number.
There was no message as to why it was locked, and it instantly unlocked when I hesitantly put in my number.
Pretty sure they just wanted my mobile number to add to their data...
To add to that: None I asked used anything like alternate launchers, VPN or anything that could have triggered a "suspicious activity" MS ban- or rather lock-hammer. All thus far also have in common that they were relatively new MS accs, and that they were locked within roughly a week upon registering the MS acc; some like the quoted YT commentator reported that they just registered the MS acc, left it alone (for more than a week) and upon trying to login again, they received the lock.
Others reported they did migrate and play normally, didn't use any alternate launchers nor mods, but also gotten an acc lock with mandatory phone number message.
Seems to hint that at least not using a new MS acc within that 1 week period could be one of the factors triggering the lock, but this is pure speculation currently. But that even those who used the MS acc within that week received an acc lock, seems to hint that this is a method by design. Also speculation on my end, but the cases where this is happening are piling up, hence the chance for being "accidentally" seems more and more unlikely - at least to some people including myself.
In case you haven't already, I strongly advise anyone with a MS acc who didn't insert a phone number yet voluntarily and doesn't want to, e.g. out of privacy concerns, to immediately Generate a RECOVERY CODE.
- You can do so via account.microsoft.com/security
- On the "Security" page, click the "Advanced security options" field, it could be currently the third from left.
- Scroll to the very bottom of that page
There you see:
Recovery code
You can use this code to access your account if you lose access to your sign-in info.
Print this out and keep it in a safe place or take a picture of it.Generate a new code ^^^ Click "Generate a new code"
If you do, a kind of inline-popup should appear with your Recovery Code, a long code consisting of 5 pairs with 5 chars each, both letters and numbers. You can print it out, and, frankly, I definitely would, and store it safely on real paper plus other safe methods.
Next time MS might lock you out, instead of giving a phone number, it should be possible to use that Recovery Code instead.
At least that's what I hope, I haven't been able to verify this yet.
If any of you might run into this issue and have had a Recovery Code and it saved you to add a phone number, please let me know.
Thank you very much, Meri
Just tried this out with a brand new MS Account, they seem to require you add another email address or a phone number to the account before you can access the "Advanced security options" page. Though this may only apply if during creating an account you choose to get a new email address instead of using an existing one. I'll have to try and get a non-disposable email address (disposables won't work since the email you add is attached as a recovery method, and disposables tend to be reused or deleted). Why they didn't ask for this during account creation is mind-boggling, but probably the same reason they don't immediately ask for a phone number.
Hello MCNerd!
Just tried this out with a brand new MS Account, they seem to require you add another email address or a phone number to the account before you can access the "Advanced security options" page.
Thank you very much to bring this up, it slipped my mind while I wrote my last message.
Thanks to you I was reminded that I do have this point in my "DOs and DONT's of MCJE migration / MICROSOFT account" script, that one shall add another/alternative email address, as this could be a potential recovery method as well.
I read quite a while back (from 1 person only thus far) that with this very alternate email address, they could indeed recover their MS account! Wanted to have this confirmed, as I only read it thus far from 1 person, so I noted it down, just to be safe, in case it was actually possible and would also really work.
I wasn't aware you can do this whilst going to the "Advanced Security" page first time, so this is extremely valuable intel!
Thank you so much!
I wasn't aware of that yet.
I'll make sure to add this to the script.
Though this may only apply if during creating an account you choose to get a new email address instead of using an existing one. I'll have to try and get a non-disposable email address (disposables won't work since the email you add is attached as a recovery method, and disposables tend to be reused or deleted).
It would be fantastic of you if you would be so kind to test that, and get back to us/me, so I can share it.
However, I don't know exactly how they would figure it is a new email address? What do you mean by that?
As for emails: A buddy of mine who is into privacy recommends Proton Mail for its safety.
Apparently one can even set up an own Proton Mail Server (free software)? - I'll look into that some more eventually.
Why they didn't ask for this during account creation is mind-boggling, but probably the same reason they don't immediately ask for a phone number.
If you look at all the security breaches, MS is also apparently not perfect in other matters, so maybe they simply didn't think of doing so (yet), the possibility to add a second email address (or phone number) if you register a new MS acc (and I'm 100% with you there, they really should do that).
That being said, one might tend to think that even a big company like MS should have noticed by now that there are plenty of people being locked, as MS collects a lot of data and makes lots of statistics for that data.
(There's a current hypothesis related to WIN11 that being locked out is intention, but that would lead too far for here and now.)
Plus, I've seen people complaining about their acc being locked so they had to give a phone number on Twitter towards Mojang (potentially also MS?) and big MC YTers of the English-speaking MC community also some Mojangsta follow, hence it seems to me currently that it would be really mind-boggling if it hadn't come to MS' attention by now; at least maybe also due to an increase, influx, of people contacting MS Support for it.
(Let's put aside that those big MC YTers - at least some of them endorsed by MS - are not backing their fans by using their reach and influence and don't report about this on their YT channel for some reason.)
Thank you so much for your feedback and help!
The main reason this is even an issue is minecraft is a kids game, and collecting phone numbers from kids violates privacy laws.
Yes exactly, this is surely one of the, or the reason Microsoft came up with the parental control/parent account.
That being said, if I go by psychological studies about children and their awareness (or the absence thereof) regarding the monetary background of games, it's clear that (not only) Microsoft raises generations into their eco system, to get them accustomed to that sort of "no concern for privacy", and eventually also exploit them for targetted advertising, as soon as they are no minors anymore and can move to their own account.
But there aren't many I know so far raising concerns about this.
It seems that all account are intended to have a phone number now, except for kids accounts, which need to be linked to a parent account's email. And a recovery email is allowed as a substitute, for if you don't actually have a phone number.
Or if you don't want to give out a phone number.
That being said, if you only get the option shown to insert an alternative email for account recovery, as soon as you go to "Advanced Security", as MCNerd said, not many who actually are concerned about their privacy might even know about this, and thus will have to hesitantly insert their phone number, unless they can and want to spend the time to try to talk it out with MS Support, to avoid doing so.
Hello MCNerd!
Just tried this out with a brand new MS Account, they seem to require you add another email address or a phone number to the account before you can access the "Advanced security options" page.
Thank you very much to bring this up, it slipped my mind while I wrote my last message. Thanks to you I was reminded that I do have this point in my "DOs and DONT's of MCJE migration / MICROSOFT account" script, that one shall add another/alternative email address, as this could be a potential recovery method as well.
I read quite a while back (from 1 person only thus far) that with this very alternate email address, they could indeed recover their MS account! Wanted to have this confirmed, as I only read it thus far from 1 person, so I noted it down, just to be safe, in case it was actually possible and would also really work.
I wasn't aware you can do this whilst going to the "Advanced Security" page first time, so this is extremely valuable intel! Thank you so much! I wasn't aware of that yet. I'll make sure to add this to the script.
Yeah I wasn't expecting that to come up either. I only chose the option to get a new email address since I didn't want to create a burner and was intending to dispose of the account. Actually all the security options are locked until you add a recovery email or phone number.
Though this may only apply if during creating an account you choose to get a new email address instead of using an existing one. I'll have to try and get a non-disposable email address (disposables won't work since the email you add is attached as a recovery method, and disposables tend to be reused or deleted).
It would be fantastic of you if you would be so kind to test that, and get back to us/me, so I can share it. However, I don't know exactly how they would figure it is a new email address? What do you mean by that?
As for emails: A buddy of mine who is into privacy recommends Proton Mail for its safety. Apparently one can even set up an own Proton Mail Server (free software)? - I'll look into that some more eventually.
I will test that out and get back to you. I've already created and signed into a ProtonMail account with my IP address before and I'd rather not link that one to the account so I'll try creating a new one. Not sure if the ProtonMail people will be against that or not though.
Why they didn't ask for this during account creation is mind-boggling, but probably the same reason they don't immediately ask for a phone number.
If you look at all the security breaches, MS is also apparently not perfect in other matters, so maybe they simply didn't think of doing so (yet), the possibility to add a second email address (or phone number) if you register a new MS acc (and I'm 100% with you there, they really should do that).
That being said, one might tend to think that even a big company like MS should have noticed by now that there are plenty of people being locked, as MS collects a lot of data and makes lots of statistics for that data.
(There's a current hypothesis related to WIN11 that being locked out is intention, but that would lead too far for here and now.)
I personally think they do know that people are getting locked out, they just don't care since it's a small minority of players getting locked out. Also they are making lots of money from all the telemetry and data they collect from the players that do comply, which gives them even less reason to acknowledge the issues.
Also would not be surprised if that hypothesis with Windows 11 is also true, since that OS seems to be designed from the ground up to collect your data, connect you to the cloud, push UWP down everyone's throats and allow for far more intrusive DRM. The fact that you need Enterprise to set it up without Internet and harden it, and the fact that Microsoft killed off the only method for end-users to legitimately purchase anything higher than Home and Professional, basically proves this.
Plus, I've seen people complaining about their acc being locked so they had to give a phone number on Twitter towards Mojang (potentially also MS?) and big MC YTers of the English-speaking MC community also some Mojangsta follow, hence it seems to me currently that it would be really mind-boggling if it hadn't come to MS' attention by now; at least maybe also due to an increase, influx, of people contacting MS Support for it.
(Let's put aside that those big MC YTers - at least some of them endorsed by MS - are not backing their fans by using their reach and influence and don't report about this on their YT channel for some reason.)
It's good that people are doing that to the Mojang people and to the big MC YouTubers. Far more people have to be doing that though, since if it's a small group of people the Mojang people and big MC YouTubers can simply ignore the comments and sweep it under the rug. And the big MC Youtubers should be called out as well, since they will probably act if their reputation and popularity is on the line.
Thank you so much for your feedback and help!
You're welcome.
OK, just added a recovery email (created another ProtonMail account) to the account and I also saved a recovery code too. Now I guess I have to wait until a week has passed since creating the account.
And by making a new ProtonMail email address, I thought the ProtonMail people limited you to having only one email address or account at a time unless you pay, and that they can terminate your accounts if you make more than one free account.
The main reason this is even an issue is minecraft is a kids game, and collecting phone numbers from kids violates privacy laws. And no one bothers to make a kids account, because they don't want their parents controlling things. At least i think they removed the cost to create them now. But that's how you are supposed to do it..
This is a theory, but that's not what Microsoft said at any point.
They said that I had violated their TOS, and that for safety reasons they couldn't reveal to me exactly how, and that to forgive me they required a phone number (not necessarily my own, they explicitly specified!) which might be stored for several years for unspecified safety purposes but "would not be linked to my account". I think they are on very thin ice wrt. privacy laws already.
In case you haven't already, I strongly advise anyone with a MS acc who didn't insert a phone number yet voluntarily and doesn't want to, e.g. out of privacy concerns, to immediately Generate a RECOVERY CODE.
...
Next time MS might lock you out, instead of giving a phone number, it should be possible to use that Recovery Code instead.
At least that's what I hope, I haven't been able to verify this yet.
If any of you might run into this issue and have had a Recovery Code and it saved you to add a phone number, please let me know.
Thank you very much, Meri
I generated a recovery code directly after migrating my Mojang account to Microsoft. The account was locked a few days later, but unfortunately I couldn't find any option to use the code instead of a phone number.
I guess it's possible I just missed the option, but I think it's unlikely. I think recovery codes are more for if you lost your password or something, and when your account is locked, the problem is not that you can't log in, it's just that they won't let you do anything.
I generated a recovery code directly after migrating my Mojang account to Microsoft. The account was locked a few days later, but unfortunately I couldn't find any option to use the code instead of a phone number.
I guess it's possible I just missed the option, but I think it's unlikely. I think recovery codes are more for if you lost your password or something, and when your account is locked, the problem is not that you can't log in, it's just that they won't let you do anything.
Hello, thank you very much for your feedback!
That's a bummer, but next step:
Contact Support, tell them you've got a Recovery Code and that they shall thus unlock your account based on that.
I can't request this from you, but in case you would do this online via chat, would you be so kind to make screenshots of the whole conversation? Of course, censoring out any information that would point at you as a real life person or similar.
If you contact MS Support via phone (that's also possible apparently), it'd be also great to have that audio, just in case.
Please keep us/me informed, you can also do so privately.
Reddit, Twitter (DMs are open, you don't have to follow me), Instagram: all LapisDemon
Planet Minecraft: Meridiana
Thank you very much in advance for your help!
Meri
PS: Edit: Please, if you give us or me an update, also provide the link(s) and/or phone number / how you contacted Support, as this might also be of interested to some, and it'd facilitate also my own research.
Thank you!
I guess it's possible I just missed the option, but I think it's unlikely. I think recovery codes are more for if you lost your password or something, and when your account is locked, the problem is not that you can't log in, it's just that they won't let you do anything.
To quickly add to that:
I did read somewhen that someone managed to unlock their MS acc via said Recovery Code.
So it must be possible - maybe dependent on the Support person you encounter, so in case 4 won't help you, maybe the 5th one will. You can also demand to escalate your case to a higher level support.
This website says:
"Possession of a Microsoft account recovery code is proof you are the account owner and should be allowed in should you ever lose account access."
It seems.. let's say - "strange" - that Microsoft mentions on their "Account locked" help page solely unlocking via phone.
This can't be right.
Your Recovery Code identifies you clearly as your MS account's owner.
Period.
If this wouldn't work, I'll look more into it and contact Microsoft personally via phone to see what they'll reply regarding that.
Hence please keep me updated.
A buddy just told me that "the way it's worded is they locked your account because suspicious activity, not because you are not the owner of the account" - so in case Support might try to convince you this is the reason why you'd have to insert a phone number:
Ask them what exact "suspicious activity" you conducted.
If they'll argue they mustn't tell you due to privacy/data protection, definitely have them escalate this to high-level Support.
Provide them with any intel you got about your MS account, e.g. which date created, what for, what you did do with it, anything in your personal user profile, be it gamertag, date of birth (in case you inserted one), name, everything.
Maybe one should add as "how to unlock your MS account" FAQ a "record or at least screenshot your account, or the creation of it".
I'm sorry this happened to you, but if nothing of what I suggested to you will help, MS can't have actual legal ground on this.
If they do, my opinion on this company even worsened.
At the very least this must go against EU GDPR.
Whatever happens, I can assure you, as long as I'm around, I'll at least try my best to solve those issues, virtually, as well as IRL.
Take care.
It might still be that "new accounts must all have phone number" but they also want to take G****e refugees so they pulled off a bait and switch.
I mean phone number linked with account is so normalized to the point that almost no one will fight for it unless you believe in privacy and a huge EFF fan or something...
That being said, if everything fails, try contacting EFF and attach discussions here and relavent reddit posts/youtube comments and see if they are interested in informing people about this issue? Not minecraft specifically but the act of locking down new accounts for no reason in terms of "preventing frauds" and collecting phone numbers or sometimes even IDs in general.
It might still be that "new accounts must all have phone number" but they also want to take G****e refugees so they pulled off a bait and switch.
I've got testimony by a user Support told them that indeed all MS accs require a phone number.
Unfortunately, they couldn't provide me with a screenshot of it, but of the rest of the chat conversation, and I trust them that they didn't make this up.
So let's hypothesize for a brief moment that this is what MS really pushes - which would btw also harden my suspicion about the WIN11 + "Multiverse" background - this can't be in any way at the very least according to GDPR.
I know some of the issues EU data rights protectors are facing due to BigTech stalling ePrivacy (which is even more outdated and lower protection than GDPR) and lobbying, so we can't do much with just our suspicions that this is "intentional design".
All we've currently got are circumstantial/presumptive evidence.
Sure, given MS' past conduct since decades, this is not some of us wearing tinfoil hats nor conspiracy theorizing.
While we can't know for sure, it might be that MS would eventually stumble upon this public thread, hence maybe, if you would be so kind, relay any intel that could prove anything towards me privately.
I mean phone number linked with account is so normalized to the point that almost no one will fight for it unless you believe in privacy and a huge EFF fan or something...
Also EU data rights protectors got issues with how the current state of law/regulations is, unfortunately.
That being said, if everything fails, try contacting [...]
I'm also active IRL, but things take time.
I'm not sure if this will help, but here's a transcript of my chat with a Microsoft support person.
This is what I put in the account reinstatement request form:
I migrated my Mojang account to a Microsoft account and used it for less than a week. Now I'm unable to log into any Microsoft services because my account is locked. I have no idea why it would be locked, and I don't want to give out my phone number.
I spoke with a support representative named Eljane (case no. xxxxxxxxxx). They said accounts are only locked for these reasons (quoted verbatim):
1.Don't do anything illegal.
2. Don't engage in any activity that exploits , harms, or threatens to harm children's.
3. Don't send spam or engage phishing.
4. Don't publicly display or use the Services to share inappropriate content or material 9 involving , for example . nudity, bestiality, pornography, offensive language, graphic violence, or criminal activity)
5. Don't engage in activity that is fraudulent, false or misleading.
6. Don't circumvent any restrictions on access to or availability of the Services.
7. Don't engage in activity that is harmful to you, the services or others.
8. Don't infringe upon the right of others.
9. Don't engage in activity that violates the privacy of others.
10. Don't help others break the rules.To my knowledge, I have not done any of these things.
Can you please tell me why my account is locked and unlock it?
I'm not sure if this will help, but here's a transcript of my chat with a Microsoft support person.
Hello David, this helps a TON already, thank you so very much for your help!
It helps, as at least in your Support encounter, we can see that they offer a secondary option other than phone number, if one just insists of not giving one out (or friendly declaring one hasn't got one).
That the form you were offered got a request for phone yet again, but there can be inserted even a fake number (which the general user might not know and then hence would feel inclined doing so, to unlock their account) - I'll leave that one uncommented.
David, if I were to censor both your and the Support employee's name, would you be okay with me using your Support chat somewhen in the future publicly in a video about this general issue, plus maybe also in my private conversations with privacy / data rights protectors?
If possible, would you be so kind to keep us or me updated on your case?
It would be great to know if the next-level Support will free your locked account, despite not giving out a phone number.
Question: Did you also generate a Recovery Code before you were locked out?
And/or inserted a secondary email address to your account before you were locked out?
If you prefer a more private conversation, you can contact me on Twitter (DMs are open, you don't have to follow me), Instagram, Reddit, all with username
LapisDemon
PlanetMinecraft:
Meridiana
Thank you so very much again for your help!
Kinds regards,
Meri
David, if I were to censor both your and the Support employee's name, would you be okay with me using your Support chat somewhen in the future publicly in a video about this general issue, plus maybe also in my private conversations with privacy / data rights protectors?
Sure. Thanks for fighting the good fight.
Question: Did you also generate a Recovery Code before you were locked out?
And/or inserted a secondary email address to your account before you were locked out?
No to both.
Sure. Thanks for fighting the good fight.
Thank you so much! Also for your help and openness.
I'm sorry this happened to you at all.
Let's wait and see how higher-level-Support will deal with your "no-phone-policy".
No to both.
That's a bummer, as it might make the unlocking of MSA easier.. emphasis on might, as Support can simply claim you violated some of the CoC (Code of Conduct), and it's thus not about proving your ownership of your MSA, but that you didn't violate the CoC.
I hope the higher-level Support will be able to tell you what exactly you shall have violated.
However, let's look at it from the legal side:
I would reverse the proof of violation here.
"Unguilty until proven guilty".
It's not about you having to prove that you didn't violate the CoC, but it's MS.
They ought to tell you what you did exactly.
You are the layperson, their tech snapped at you, so now you've got to lay the ball in their court.
It's up to them to prove what you did.
And if that higher-level-Support can't tell you as well, escalating this to the next Support-level would hopefully succeed in retrieving that intel.
In case they will unlock your account "due to their good will" (just very hypothetically, as they wouldn't like too many detailed questions and thus rather unlock your account), and if it woud not be too much trouble, it'd be interesting to see what higher-level Support might answer if you were to insist on knowing what exactly you did to violate the CoC - so as to not violate it accidentally in the future again, of course.
As soon as you've unlocked your account hopefully, immediately go to "Advanced Security", generate a Recovery Code and insert a secondary email; if you're concerned about your privacy, no email that refers to your persona, but e.g. anonymous Protonmail.
Thank you so much again.
Have a great weekend.
I'm not sure if this is helpful or not, but the Microsoft Account I created over a week ago is surprisingly not locked. I can still log in to it without any issues. However I never did anything on the account except for check on it a couple of times. Is there anything else I can test, like attempting to use it with Minecraft and see if it gets locked?
Also sorry for being late, the internet I used to make the account was unusable for a few days.
I migrated from Mojang account to a newly registered Microsoft account 3 days ago.
I immediately set up TOTP authenticator (but not 'Microsoft Authenticator'), then was able to repeatedly log into MS account in browser and MultiMC.
It's now locked out as of today, exact same message.
I have a 'recovery code' from viewing MS account in browser - there's no option to use it as part of this lock-out, only phone numbers.
Microsoft 365 family subscription, an invited member (MS account created freshly for this purpose) locked out in two days, the only activity being uploading couple years' worth of pictures from iPad to OneDrive.
MultiMC definitely has nothing to do with this. Microsoft sucks, big time.
MultiMC definitely has nothing to do with this.
Indeed. 100%.
Thank you for sharing your story, and confirmation.
Microsoft sucks, big time.
Whether it's yet once again one of their "imperfect" coding and usage of infant AI/"machine/deep learning" technologies, or "intentional design" that looks seemingly random, remains the question.
The outcome and the way out of it are a data catastrophy in any case.