Have been hacked - lost access to accounts etc

[philstanbridge]

Hey, hope somebody can shine some light on this little problem for me. Not even sure this is the right place for this, so feel free to move.

My son received an email yesterday from Microsoft which asked him to change a password. Yes I know, he is 13, and made a stupid mistake So tonight we started to have money taken out of the accounts etc etc. I’ve frozen the cards and notified the bank. No problem there and I’ve done everything I can. But the scammers have stolen my Microsoft/hotmail account which is proving more problematic and have apparently locked me out of it. I’ve filled out the recovery form so is it just a waiting game? The IP addresses point to the far east just out of interest

 

[[FnG]magnolia]

Called bank - important.
Do you use the same password on any other important logins or are there any important (read: financially vulnerable) accounts which rely on your hotmail account details?

 

[philstanbridge]

Unfortunately yes. Lesson learnt. PayPal etc. I managed to freeze my accounts; I’ve contacted the bank and PayPal. I feel I’ve done what I can

 

[philstanbridge]

When I try to regain access to my Microsoft account I get this message.

 

[CaptainRAVE]

Time to do a password review of all the accounts you use, switch over to 2FA on everything you can, unique passwords for all sites etc. I spent about a day doing this a few months ago having been notified of several attempted breaches of some of my accounts and having seen a post like yours.

 

[philstanbridge]

It’s asking me to approve a request on a mobile device.

 

[[FnG]magnolia]

Who is? Your bank or Microsoft? Approve what?

 

[philstanbridge]

It’s Microsoft. It’s saying to recover my account I need to authorise this using an Authenticator, but it links round in circles. I just don’t understand what’s going on. Problem is my son’s Xbox account is linked to my MS account.

 

[Efour]

They probably set up 2 step authenticator on their mobiles.

I doubt there's anyway out of it other than talking to them and ...well I dunno

 

[philstanbridge]

I don’t really care about any of my stuff but my son has thousands of pounds worth of games on his Xbox linked to the email. What happens to those?

 

[philstanbridge]

also I can’t even kill the account because i can’t login

 

[MrRockliffe]

You’ll need to contact Microsoft support.

Have you tried this? https://support.microsoft.com/en-gb...-account-24ca907d-bcdf-a44b-4656-47f0cd89c245

 

[shifty_uk]

also I can’t even kill the account because i can’t login

Phone Microsoft, they are normally on the ball and pretty helpful

 

[philstanbridge]

Phone Microsoft, they are normally on the ball and pretty helpful

Thank you so much. I will call them tomorrow

 

[philstanbridge]

Does anyone have a contact number for whoever I need to speak to? I’ve just tried the account recovery and that just goes in circles. They’ve obviously locked me out

 

[Werewolf]

also I can’t even kill the account because i can’t login

IIRC if you've paid for anything by card etc that can help when trying to regain control of the likes of a game account, or used to back in the Ultima Online days as suitably senior CS used to be able to see at least some of the card information which can help with account recovery.

 

[shifty_uk]

Google ‘microsoft customer service’, the number is at the top and should be 24 hrs, I’d ring them before you go to bed rather than sit up all night worrying.

 

[Puzzled]

Did you ever install the Microsoft authenticator app on your phone?

It prompts you to confirm a number when singing in, that's what it will be asking for (or just a simple tap approve, depends on the device signing in)

 

[philstanbridge]

I did but I can’t get to that stage. It says it needs me to add an account but when I try it says I need to recover the account first

 

[HungryHippos]

You can't add MFA to an account that you don't control. As they have control, they've presumably added their own MFA to it now.

You should have had MFA added to this account beforehand (same for anything of importance, such as banks/paypal etc). Email is arguably more important than most things due to how many things it gives access to.

Losing access to your email also means they can attempt to do a password reset for anything else using that same email/username.