Brad Rosenheim

#TechQuestion - I think I have come to the right place.

About 2 months ago, my password to log into work computers, email, Teams, etc. was changed. The IT people told me I did it, but I didn't.

On Monday, I was in the middle of a meeting on Teams and it happened again. Kicked off the system, completely. Every logged in program and app was telling me that they needed my password and my password was not working.

Both times, it took IT to generate a password for me and then I had to create a new password.

So I asked why this happened. Today, I received this message, and I have no idea what it means:

"It appears that you are using TOR, the onion browser, when authenticating.
Both of those rotational events were security automations related to use of [organization name] accounts while on TOR.
This is not something that we permit. While TOR is great for privacy, that same privacy shields the darkweb and threat actors."

Can someone translate this for me, please? I don't understand this, so I am doomed to repeat it.

May 14 at 1:00amWeb
Show threadDavid Sacerdote2d ago
@Brad_Rosenheim they're talking about https://tor.eff.org a special and very slow browser which is designed to obscure who is browsing. If you're not intentionally using this, it means that somebody has compromised your system or a system where you use the same password and is impersonating you while using tor so that they can't be tracked
The Tor Project | Privacy & Freedom Online

Defend yourself against tracking and surveillance. Circumvent censorship.

Show threadBrad Rosenheim2d ago
@dsacer OK, so it has nothing to do with me using TOR. But even worse, someone is imitating me. So this is a case of identity theft...
Show threadDavid Sacerdote2d ago
@Brad_Rosenheim you need to tell your IT team that you had never heard of Tor until they mentioned it, and get their help figuring out what is compromised. It could be a machine or phone you use, or somebody else's if you reused the same password
Show threadBrad Rosenheim2d ago
@dsacer I have already notified them that I had no idea what they are talking about.
Show threadCraig Rochansky2d ago

@Brad_Rosenheim Tor is basically a browser that anonymizes your browsing by passing your data through many servers so that it's impractical to track it. It's slow, and not something you'd use without knowing about it.
But it is something that a hacker might use.

Look at the instructions for any software you were using, just in case it used Tor for some odd reason. But it's not likely.

Then, tell your IT people that you weren't using Tor, and suggest that the use of Tor might be evidence of a break in.

That earlier, involuntary password change also points in that direction.

Show threadLauren Weinstein2d ago
@Brad_Rosenheim Were you knowingly using TOR? What browser or other access program were you using to establish your logins?
Show threadBrad Rosenheim2d ago
@lauren I wasn't knowingly using it. I generally use Firefox to access the internet. The programs which require login and multifactorial authentication are Microsoft products. Outlook and Teams. I use the Microsoft authenticator for MFA.
Show threadLauren Weinstein2d ago
@Brad_Rosenheim Is there any VPN involved?
Show threadBrad Rosenheim1d ago
@lauren Not necessarily, but there could have been. I do use VPN from time to time when I am working from home, and the first event was over a weekend when I was home. The event this weekend was almost certainly not with VPN as I was on the campus wireless network.
Show threadLauren Weinstein1d ago
@Brad_Rosenheim Well, if we take the explanation given by the support staff at face value, SOMETHING about your setup is triggering their flagging it as TOR -- likely involving your IP addresses. They should be able to give you more explicit information.