Help my guys, Live account 'hacked'

[Fuzz]

Mine got "done over" on Saturday night... Woke up to a whole list of sent message reports on Sunday morning, made a thread about it, thinking I had been compromised somehow.

Monday I get a mail or two from different friends where by I was the one getting spammed from their account!

Something's gone **** up at MSN I fear..

 

[matthab]

9/10 its someone you know who has guessed your secret question.

 

[gee3000]

Happened to me before and before you lose hope - you can get your account back quite easily.

Email Hotmail Support (or Live or MSN or whatever), stating someone's hijacked your account, provide the email address. They'll write back and ask you to confirm a few details, and ask for examples of emails or folders which you may have in there that you can remember. Provide as much accurate info and list as many emails/folders as you can remember. They should give you access to your account again.

 

[neo2210]

Didn't you set up your Windows Live Account security settings? I've just gone in to mine for example to test and the moment you make a single change Windows Live sends a text or email to your phone/email address with a link to click on to confirm you did make that change.

nope didnt do that.

 

[neo2210]

9/10 its someone you know who has guessed your secret question.

My secret question was just a bunch of numbers, so I doubt it.

 

[tntcoder]

Weak passwords (and/or recovery questions/info) or compromised PCs = 98.432% of account 'hacks'. It is incredibly unlikely it was done via any other method.

For future reference, MS this week released 2 new features that you should start using.

- Recover account via SMS.
- Tie the account to a specific trusted PC, that PC can recover the account.

These will no doubt have similar issues to poor secret questions, but the advantages will be beneficial for many people.

 

[MikeHunt79]

He might use something like password safe which copies your password onto the clipboard, although I can't imagine many people use it for hotmail accounts as it's more for remembering passwords at work which always expire!

A keylogger would only record ctrl-v in this case then... as opposed to the password.

 

[tntcoder]

A keylogger would only record ctrl-v in this case then... as opposed to the password.

True but more advanced keyloggers will dump the contents of the clipboard when things like copy/paste events occur.

Even if you use a virtual keyboard, with the correct monitoring techniques input can still be logged.

 

[Rroff]

Depends how sophisticated the key logger is - some will monitor the contents of the clipboard.

 

[MikeHunt79]

Oh I see, that is pretty crafty really then.

I use a program called Keepass which allows me to store all my passwords and it copies and pastes them into my browser but I thought I was immune from these loggers becuase of this, but evidently I still need to use AV (or Linux) in order to avoid someone stealing my account info.

I've just checked my hotmail account, all seems well, not hacked FWIW.

 

[ricky1981]

Just checked my live account and it's been compromised as well. This is a real concern because I changed the password to a 16 character one about 8 weeks ago and haven't logged in since then. None of my other accounts have been hacked and I run all browsers in a sandbox (I used to work in IT security) so it's not a keylogger. To be honest I think MS has some problems internally because I've heard similar stories in the last few days.

 

[OzyOly]

gmail is where its at anyway yo

+1

 

[Mailman86]

Weak passwords (and/or recovery questions/info) or compromised PCs = 98.432% of account 'hacks'. It is incredibly unlikely it was done via any other method.

For future reference, MS this week released 2 new features that you should start using.

- Recover account via SMS.
- Tie the account to a specific trusted PC, that PC can recover the account.

These will no doubt have similar issues to poor secret questions, but the advantages will be beneficial for many people.

I didn't know about this. Cheers. The trusted PC thing sounds like it will make your account even more vulnerable though (someone only has to hijack your PC now instead of getting your password as well) so I didn't bother with that.

 

[ricky1981]

It gets better, I can't send myself the SMS recovery code because it won't send to NZ and they won't help me online because the account was registered in the UK and hasn't been accessed often enough from NZ.

Don't suppose anyone would mind sending my their UK number via my email in trust so I can send you the recovery code so I can get in, delete everything then close the account?

 

[Logsi]

Send the windows lot a couple pieces of identification and explain the situation. It does take some effort. My other half's mental ex hacked her account and it took a lot of effort to get it back.

Just badger them a lot, explain the situation, provide identification and remember what emails were in the account last. If you can remember a list of say 10-15 emails that you last had before you got hacked you'll get it back no problem.

 

[ricky1981]

That's the problem, I only really use it for Xbox Live/Technet, haven't sent or received an email in many months (although someone else might have been by the sound of it). Oh well, will try to get hold of someone back in the UK to try to sort it that way.

 

[neo2210]

Sorry to hear you've been comprimised aswell, ricki.

really blows having to reset all my passwords and its a pain in the butt trying to contact steam to change my email to another.

What's weird is the 'hacker', assuming it isnt a MS problem could easily have stole my steam account by now, but none of my stuff is comprimised except my live account.

Wonder if it'll just resolve by itself in a few days...

 

[Pho]

Don't suppose anyone would mind sending my their UK number via my email in trust so I can send you the recovery code so I can get in, delete everything then close the account?

You have mail!