WARNING - Hotmail Accounts Hacked

[Grizzly]

Rabble if you have or know someone who has a Hotmail account/email address, I would just like to raise a note of caution.

Today my hotmail account was blocked. I know not why, all attempts to unblock it referred me back to a default page which wanted to send a code to an out of date secondary email address.

After investigating the issue on search engines I found that this is becoming more and more of an issue globally. All of a sudden your hotmail account is blocked and you have no recourse to obtain your emails or any saved emails from your account. The reason it gives is that you have been sending out a lot of spam or that someone has hacked your account. Either way there is little you can do about it if you dont have a back up email address with a different ISP address.

I have now spent the last 6 hours resetting all my accounts with banks, ebay, xmarks, itunes etc etc because some computer nerd thinks its a laugh to make other peoples lives a misery. Thanks to the idiot who perpetrated this hacking I have now lost personal emails and online receipts, letters from my daughter and much more.

Do yourselves a favour and change your email provider, before this happens to you.

Needless to say I am BL@@DY annoyed.

[Steve Ashton]

Perhaps this is the reason that I have been getting error messages from our software.
For about the last three weeks I have been getting message that our software had attempted to send you an email to notify you of a new post to a thread you are subscribed to but could not for some reason.

I did not notify you personally because you were not the only member that this was happening to. I knew it was not the fault of our forum software so there was nothing that could be done on this end.

[piperdbh]

For the last two days, when I log in to my account with that website, a window opens asking for my phone number and some other "security" information. I haven't supplied said requested info; I'd rather not give my phone number to an unseen entity. Should I?

[English Bloke]

... I'd rather not give my phone number to an unseen entity. Should I?...

Absolutely not!

[Grizzly]

Steve hopefully I have sorted it now as have changed my email address on XMTS.

Piperdbh if you do an Internet search for blocked hotmail there is lots of info. Unfortunately if you have been hacked too it would be better to set up a new email account with a different provider.

Also I agree with John. Don't give them your number.

[flyrod6057]

My Hotmail was hacked last year. I lost everything. Thankfully, that was probably a good thing... Anyway, I changed email providers and have had zero issues since. Yet another piece of junk Microsoft application to add to the list. (my two cents there...)

[Joshua]

I have now spent the last 6 hours resetting all my accounts with banks, ebay, xmarks, itunes etc etc because some computer nerd thinks its a laugh to make other peoples lives a misery. Thanks to the idiot who perpetrated this hacking I have now lost personal emails and online receipts, letters from my daughter and much more.

Needless to say I am BL@@DY annoyed.

Guid on ye for changing all your passwords - but don't blame us nerds and good guy hackers or lump us in with the bad guys.

Keep in mind it's a very lucrative business to the less affluent sections of the world - say a site makes $.10/click on a website - say 4,000,000 emails go out and only 10% are clicked - equalling $40,000. Now, imagine that advertisement website also installs a payload/virus that encourages the viewer to click 7-8 other advertisements on an hourly basis, well, we know that not all viruses stick, so let's say 10% of the 10% actually make it through and are accessing 8 different ad sites on an hourly basis. 40,000 computers, making $.10 per click, hitting 8 ads per hour - that comes out to $32,000.

Finally, that payload that got installed also installs a data mining program that steals sensitive data. Let's say another 10% (for the sake of argument, 4,000 people) had social security numbers or saved credit card numbers on their computer. The bad guy turns around and sells that information to a fence for identity theft at around $5/record - there's another $20,000. AND if that data-mining results in usernames/passwords for e-mail and facebook accounts? The bad guy now has new things to exploit for the next 4,000,000 spam messages he is going to send out.

So, the misconception here is that the computer "nerd" is having a laugh. Rather, he is using your e-mail account as a vessel to send out this nasty, nasty stuff to make money. If these guys did this crap just for fun, we would not see it as widespread and ugly as it is today. Don't believe for a second it's a joke, it's crime and it's quite serious.

Better advice would be to make sure you have a secure e-mail provider, one that supports two-factor authentication and use the two-factor authentication (Google/Gmail sends you a text message with a code if you sign into a computer it doesn't recognize), and have a secure password.

This is what I do for a living (whup up on bad guy hackers) by the way. :-)

[Grizzly]

Hats off to you Joshua if you are trying to prevent these bad guys from making us suffer. My anger is directed towards the person who managed to hack my account not against people who try and stop this happening.

Your eloquent explanation of why they do it has furthered my understanding but I would still like to meet them down a dark alley one night.

[Deirachel]

(snip)
So, the misconception here is that the computer "nerd" is having a laugh. Rather, he is using your e-mail account as a vessel to send out this nasty, nasty stuff to make money. If these guys did this crap just for fun, we would not see it as widespread and ugly as it is today. Don't believe for a second it's a joke, it's crime and it's quite serious.

Better advice would be to make sure you have a secure e-mail provider, one that supports two-factor authentication and use the two-factor authentication (Google/Gmail sends you a text message with a code if you sign into a computer it doesn't recognize), and have a secure password.

This is what I do for a living (whup up on bad guy hackers) by the way. :-)

***^100000.

Black Hats do this for a living.

Grey Hats may do it for fun and extra cash or to try to bring attention to something (the good versions of the hacktivist, no there aren't many of them, but they do exist)

White Hats fight them.

But, it doesn't matter how many hats there are.

If you are using poor security methods, you are at fault. Using Hotmail (or Yahoo, but they are a bit better) for anything you aren't willing to loose or let the bad guys get total control of is unwise. Gmail is better. POP3 is much better.

Use strong passwords, don't let your passwords for the silly stuff be even vaguely similar to the serious stuff (i.e. you password for here, your high school alumni forum, and youtube account can be similar; your password for bank, work, bills, paypal should be totally different). Never save your passwords for the serious stuff. Don't bookmark the serious stuff, manually type in the address every time.

Use anti-malware software that is up-to-date and use it often and regularly. Pick your poison for your needs, but keep up with it.

[Inchessi]

Due to the nature of my work, my passwords are changed every 30 days. After saying this, I realized I haven't changed my password here. My passwords always have an uppercase and lowercase letter, special character, and a number. My passwords tend to be random, but I have used nomenclature for odd sentences I have read. My passwords are never shorter than 13 characters, again, except here. Due to the nature of my job, and the fact that I really like it, I shy away from sites that may be misinterpreted as morally questionable, religious, political, or strongly ideological.

With all that being said, My Hotmail account has been hacked about eight months ago. It was hacked again last Thursday night. Selling property, and giving out free blackberry's are enough to warrant questions, the cheap "Canadian" Cialus, viagra, and something else I can't remember did send up flags. All this happened in a couple of long, worrisome hours. Luckily, the IT guys were able to show with out fail, I did not stray from work related sites.

That was my long winded way of saying, I am careful, I was hacked, and I need to abandon my email account of 12 years. Thankyou Deirachel for bringing up POP3. I was under the impression that Gmail was my only option.