How is My Hotmail Being Hacked?

Hi,

On 3 occasions in the last year I've been locked out of my Hotmail account.

They haven't spammed anyone.

My Personal Info / Recovery info has not been changed.

My security log doesn't list my password change.

On each occasion I did NOT receive an email to my other account warning me the PW had been changed (which happens every time I change it).

I've got MSE and Malwarebytes. I've scanned with both and keep them up to date - no info.

WTF is going on? I can only conclude it's being done by a worm in M$oft's servers - right? How else could they keep changing my PW without me receiving an email?

Weirdly enough, the girl I share an office with had exactly the same thing happen to her - at the same time 2 weeks ago (I've been hacked again today). This suggests it was hacked via wi-fi, but where was the email to my other address?

This is confusing and annoying. Any info gratefully received.

edit - let's say there were a trojan on my machine which could clone my Hotmail cookie. That could give a hacker access. But how could they change the PW without a) me getting a warning email; b) my Hotmail security log not mentioning the change (it only lists changes I've made after being hacked)???
 
AFAIK they lock accounts for multiple unsuccessful login attempts. Multiple things could've happened.

  • Someone tried logging in multiple times with invalid credentials, MS locked your account
  • Someone actually got in using your password but MS found it was from an unfamiliar location and locked it
  • You logged in from an unfamiliar location (IP changes sometimes trigger this) and they locked it
  • If it was a WiFi hack (DNS spoofing usually) they can just get your password in plain-text and log in with it, not triggering a password change.
 
I believe it is an automatic system from Microsoft to help keep people's accounts safe and make sure people regularly update their security details. I think there might be some settings somewhere for it.

My wife has had it twice in the last couple of months, but I have never had it. Check your settings.
 
Thanks.

It can't (well, I'd like to think so) be that someone else has tried to get in with an incorrect PW as there's no log of this.

If MS are locking me out due to suspicious activity, why isn't there a message stating this? All that happens is, I log in with my usual PW, and I get 'incorrect PW'. Surely MS would give you a message stating 'you've been locked out due to suspicious activity' - you need to reactivate your account.

I never access my Hotmail in unfamiliar places. All the places I use have been used for yrs, i.e. office, girlfriend's place, Three mobile phone (whom I've been with, on same contract, for 5 yrs).

In the last 6 months I've accessed the account in Greece and Indonesia without any trouble - the problems have occurred when I've been in the UK, on my usual IP addresses.
 
Thanks. My PW was doing nothing, just giving 'incorrect PW' messages. So, on each occasion, I've had to click on the 'unable to access account' button and send a code to my other registered email address. If this is MS locking me out, why on earth aren't they telling me? This appears, to all intents and purposes, that my account's been hacked. No one got spammed, but this made it look more sinister, as if someone were nosing around.
 
This is exactly what has happened to my wife's account.

I would change your password and try and contact support. I do not think it is anything to worry about, though. I would guess it is some glitching in their security systems. My wife's account has not suffered any undue effects that we know of. I have just told her to change her password regularly (and use a complex one).
 
Our head of marketing had a problem with his Yahoo email today, where he said he couldn't log in but didn't think he had a problem with his password. He even had reports from people that their email was not being delivered to his email address and were getting bounce backs.

Maybe they are experiencing problems or doing maintenance or something?

Not receiving a password change email means nothing because if someone has access to your email they could simply delete the email. Add two-factor auth on there or secondary email addresses.

Maybe they are under attack of some kind and have been forced to lock accounts due to brute force?
 
Aren't there such things as key-stroke-loggers? Is it for consideration that your work place has such installed on their computers? Just a thought.

Sorry for you.
 