
Hotmail account hacked. What now?

[security]

  • This topic is locked
27 replies to this topic

#1 BeerFan

BeerFan

    Neowinian Senior

  • Joined: 19-July 06

Posted 12 January 2012 - 12:11

Hello folks,

My personal Hotmail account was hacked yesterday. I knew something was up when I fired up my email program in the morning and received a message saying that my password was invalid. So, I went to the Hotmail site, entered my normal credentials, and received the same message there. Knowing that I hadn't changed my password in a few months, I clicked on the "I forgot my password" link. Hotmail gave me the option to have a password link sent to an alternative account, but the email address it listed was a Yahoo that was not mine, so I couldn't successfully reset my own password. Doh!

Next, I went back to my email program, put it in Offline Mode, and checked the messages in my Sent folder. Sure enough, there was a message from a spammer with very poor English and begging for a few thousand Euros there that had been sent to everyone in my contacts list. Doh x2!

So, my next step was to contact Hotmail's customer support. They have a long list of questions to answer if you think your account has been compromised. I answered all of their questions and submitted my info. Within half an hour, I received a reply with a password reset link. (They sent this reply to an external email address that I specified.) I successfully reset my password and had access to my Hotmail again, and immediately sent a follow-up apology to my contacts, stating that the previous email could be ignored and that I had NOT been robbed while traveling in Madrid.

Next step was to check my email settings. The hacker had changed my settings so that all incoming email would be automatically forwarded to an account that was not mine. I fixed that, then went in and also changed my security questions. I also went and changed my passwords for every other online banking, personal info, social networking, etc. site that I have bookmarks for. I spent about 1.5 hours making sure I had covered all the bases.

So, my questions are: 1) How the heck did this happen? Was it likely just a "brute force" attack? My previous password was a fairly strong combination of upper and lowercase letters, numbers, and a special character that did not contain any words, wasn't guessable, and was 8 characters long.

And 2) What else do I need to do? Should I ditch the Hotmail account altogether? Do I need to worry about my home PC's security? I'm running a fully-updated Windows 7 Ultimate x64 with MSE and MalwareBytes. I'm considering a wipe / reinstall for good measure (and because it has been 7 months since last install).

Thanks in advance for your input. (Y)


#2 xdot.tk

xdot.tk

  • Joined: 29-May 09

Posted 12 January 2012 - 12:15

Format and reinstall.

#3 cork1958

cork1958

    Neowinian

  • Tech Issues Solved: 2
  • Joined: 04-October 02

Posted 12 January 2012 - 12:22

> Format and reinstall.


You've got to be kidding me?!

Wow!
A WHOLE 7 months since last install? What the heck do you do for a living, TRY to ruin computers?!!

I have 8 Windows 7 machines that have NEVER been reinstalled and are as clean and fast as the day I installed 7, which was a couple days after it came out. Never have been able to figure out why so many people, here especially, are always suggesting format and do it so often?

If you must and are THAT paranoid, just do a thorough scan with Malwarebytes, your AV and whatever other malware program you have, in safe mode.

Ditch that crap a** not so hot, Hotmail also. Easily one of the worst e-mails in existence!

#4 xdot.tk

xdot.tk

  • Joined: 29-May 09

Posted 12 January 2012 - 12:29

Only way to be sure he is rid of the infection. ;)

BTW, read my sig ;)

#5 fenderMarky

fenderMarky

    Neowinian

  • Joined: 23-January 10

Posted 12 January 2012 - 12:31

> Ditch that crap a** not so hot, Hotmail also. Easily one of the worst e-mails in existence!


Sorry, not now.

#6 spacer

spacer

    I'm awesome

  • Tech Issues Solved: 1
  • Joined: 09-November 06
  • Location: Connecticut, USA
  • OS: Windows 7
  • Phone: Nexus 4

Posted 12 January 2012 - 12:32

> You've got to be kidding me?!
>
> Wow!
> A WHOLE 7 months since last install? What the heck do you do for a living, TRY to ruin computers?!!
>
> I have 8 Windows 7 machines that have NEVER been reinstalled and are as clean and fast as the day I installed 7, which was a couple days after it came out. Never have been able to figure out why so many people, here especially, are always suggesting format and do it so often?
>
> If you must and are THAT paranoid, just do a thorough scan with Malwarebytes, your AV and whatever other malware program you have, in safe mode.
>
> Ditch that crap a** not so hot, Hotmail also. Easily one of the worst e-mails in existence!


There is no AV that is 100% accurate in detection or cleaning. If your system is compromised there is no way running an AV is safer than reformatting and starting from scratch.

#7 LACSr

LACSr

    Neowinian

  • Joined: 12-December 06

Posted 12 January 2012 - 13:20

While spacer is correct "There is no AV that is 100% accurate in detection or cleaning." I would give this procedure a go before making the decision to reformat: http://forums.cnet.c...osts;msg5165373
If those scans come back clean, then you should be good. Now if you are still paranoid, then the only way to make really sure is to get a new hard drive, remove the old hard drive and start over with a clean install. Do not let the present system see the new hard drive. This is even safer than reformatting and starting from scratch. It depends on the paranoia.

#8 ckempo

ckempo

    A man chooses, a slave obeys: now, would you kindly...

  • Joined: 10-December 03
  • Location: Burntwood, UK

Posted 12 January 2012 - 13:26

Have you got anything attached to that account? I'm thinking specifically of an Xbox LIVE account?
If yes, do you have any EA games for which you've had to sign up for the EA online account rubbish?

#9 Steven P.

Steven P.

    aka Neobond

  • Tech Issues Solved: 68
  • Joined: 09-July 01
  • Location: Neowin HQ

Posted 12 January 2012 - 13:49

At OP: Sounds like you covered your bases pretty good there.. and as for the password hack, I really couldn't tell you how that happened! :s

A reinstall of Windows is probably not needed, although you might want to look at getting a key scrambler extension for your browser just to be on the safe side.

#10 Anthonyd

Anthonyd

    Neowinian

  • Joined: 07-May 06

Posted 12 January 2012 - 13:58

You probably have a keylogger installed on your PC.

edit: Or you got phished.
Or you are using the same password everywhere, which is plain stupid.

#11 dancedar

dancedar

    Neowinian

  • Joined: 11-May 09

Posted 12 January 2012 - 14:06

Give your PC a thorough sweep with AV and malware cleaners, then switch to Gmail, turning on its 2-step authentication. It sends an SMS code you have to enter in addition to your password when accessing from a new device/app. Your password could be guessed but they'd need your phone as well to access your account.

#12 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 90
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 12 January 2012 - 15:39

What seems odd is you say in your offline copy of sent you saw spam sent. Was this email sent from your PC, or was it synced down from email sent via the web? If from the web, how did you get a copy, because I would have to assume the first thing to happen would be a password change vs just sending spam right away.

So the timeline of your account being accessed would be good to know in trying to figure out the method of their access. Was your machine infected, or was it just a simple brute/guess on the web? 8 characters is not really very secure..

For example, my Neowin password is 20 random characters using all four Ab1^ etc..

#13 Kosh Naranek

Kosh Naranek

    Neowinian

  • Joined: 10-November 01
  • Location: Aarhus, Denmark
  • OS: Windows 7 x64 SP1
  • Phone: LG Nexus 4 ~ Jelly Bean 4.2.1

Posted 12 January 2012 - 15:54

Download TDSSKiller from Kaspersky (it's free) and run that as well.

http://support.kaspe...s?qid=208283363

#14 illegaloperation

illegaloperation

    Neowinian Senior

  • Joined: 24-October 09

Posted 12 January 2012 - 16:20

I am going to guess that it is a phishing attack.

#15 bgjerlow

bgjerlow

    Neowinian

  • Joined: 30-July 11
  • Location: Denmark
  • OS: Windows 7
  • Phone: Samsung ATIV S

Posted 12 January 2012 - 16:41

Scanning your PC would be a good idea. It's always a good idea to do this at least a couple of times a week.
Sounds like a phishing attack though, so you shouldn't be worried about having to reinstall Windows.