My personal Hotmail account was hacked yesterday. I knew something was up when I fired up my email program in the morning and received a message saying that my password was invalid. So, I went to the Hotmail site, entered my normal credentials, and received the same message there. Knowing that I hadn't changed my password in a few months, I clicked on the "I forgot my password" link. Hotmail gave me the option to have a password link sent to an alternative account, but the email address it listed was a Yahoo that was not mine, so I couldn't successfully reset my own password. Doh!
Next, I went back to my email program, put it in Offline Mode, and checked the messages in my Sent folder. Sure enough, there was a message from a spammer with very poor English and begging for a few thousand Euros there that had been sent to everyone in my contacts list. Doh x2!
So, my next step was to contact Hotmail's customer support. They have a long list of questions to answer if you think your account has been compromised. I answered all of their questions and submitted my info. Within half an hour, I received a reply with a password reset link. (They sent this reply to an external email address that I specified.) I successfully reset my password and had access to my Hotmail again, and immediately sent a follow-up apology to my contacts, stating that the previous email could be ignored and that I had NOT been robbed while traveling in Madrid.
Next step was to check my email settings. The hacker had changed my settings so that all incoming email would be automatically forwarded to an account that was not mine. I fixed that, then went in and also changed my security questions. I also went and changed my passwords for every other online banking, personal info, social networking, etc. site that I have bookmarks for. I spent about 1.5 hours making sure I had covered all the bases.
So, my questions are: 1) How the heck did this happen? Was it likely just a "brute force" attack? My previous password was a fairly strong combination of upper and lowercase letters, numbers, and a special character that did not contain any words, wasn't guessable, and was 8 characters long.
And 2) What else do I need to do? Should I ditch the Hotmail account altogether? Do I need to worry about my home PC's security? I'm running a fully-updated Windows 7 Ultimate x64 with MSE and MalwareBytes. I'm considering a wipe / reinstall for good measure (and because it has been 7 months since last install).
Thanks in advance for your input.