Security of Microsoft is awful

Dear TimothyBexon,

Thanks for your post in Microsoft Community. 

Based on your description, you have received numerous account login anomalies from Microsoft.

You are very concerned that people have been hacking into your email account. I suggest you address the source of the emails you've received, and you need to protect your account. If no one is attempting to log into your account, you wouldn't receive these emails.

Here are my recommendations for your issue:

Remove login permissions for the current account name.
This measure can effectively prevent intruders who already know your account name.
To do this, please click this link (https://account.microsoft.com/) and log in to your Microsoft account.
Then click "Your Info" on the left, and click "Edit Account Info" on the right side of the opened screen.
On this interface, you can add an alias to your account as a new login name. Due to the current security risks associated with your account, I recommend creating an alias with an outlook.com extension that does not require verification. (If you use a custom alias below, the system will prompt you to verify if this alias exists. Only actual email addresses can be added as aliases.)
After that, you need to click "Make primary" next to the new alias to set it as the primary alias. Then, click "Change sign-in preferences" at the bottom and uncheck the box next to your current account name.

You have successfully removed the login permission for the account name. You can test this by entering your account name on the login screen, and Microsoft will remind you that the username does not exist.
This will prevent you from logging in, just like those trying to hack into your account. Please note that in this case, you will not be able to log in using this account name.

Remember the account name you changed. Additionally, we have tested that you can still send and receive emails using this account name, and senders can use your account name as the recipient of emails, with no impact on email functionality.

Typically, these types of automated login intrusions are carried out by automated scripts that give up re-logging in after multiple attempts with non-existent accounts. You can check if your account is still under attack by re-enabling login access to the account name after 3-5 days of changing the alias.

Furthermore, I recommend activating two-step verification and adding an authenticator to your mobile phone, which will simplify your login process and increase the security of your account. You can refer to the link below for more information:
How to use two-step verification with your Microsoft account - Microsoft Support

Sign in using Microsoft Authenticator - Microsoft Support

I hope the information above will be helpful to you. We appreciate you spend your time working on this issue. We look forward to your response. 

Best Regards,

UlricaW - MSFT | Microsoft Community Support Specialist

I know how to sort out being hacked. I've been hacked multiple times on multiple accounts. My issue is with the fact there were over 40 failed attempts from multiple countries all over the world in just a few days and I only got 1 notification for the last one. Why wasn't I notified sooner. Then I could have changed the password sooner.

Dear TimothyBexon,

Thank you for your reply.

I would like to clarify that notifications are only sent when your account has been successfully logged in abnormally or when the system detects excessive attempts of abnormal login. As shown in your screenshot, after multiple attempts, the system determined that it was an abnormal login activity, so a reminder was sent to you. Fortunately, you protected your account in time.

Please understand that one or two abnormal login attempts cannot determine whether it is you operating, only multiple attempts will trigger the account protection mechanism.

Best Regards,

UlricaW - MSFT | Microsoft Community Support Specialist