Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

My Hotmail account has been compromised


Well, here’s something I didn’t expect to write about – my very own Hotmail account has had its username and password accosted by spammers!

I have a very old one that I opened up years ago.  I use it to subscribe to bulk mail services and use it as the identifying account for my other personal blog.  Other than that, that’s it.  I do have another account filtered by Hotmail but it is a vanity domain that I registered with Office Live 3 years ago.  Anyhow, it is this personal one that was the issue.

I POP all of my mail through Thunderbird except for Yahoo Mail which charges me for it (whatever), and my regular Microsoft mail goes through Outlook.  Since I use this Hotmail account for virtually nothing except bulk mail, I never check it.  In fact, I have it as a subfolder under my vanity domain’s folder.  Indeed, most of the mail that goes into that folder is spam – someone or other from the Windows Live Network that wants to be my friend.  I never friend these people, of course.  I just ignore them.  So, whenever I get mail into the folder, I rarely check it because it isn’t mail that I want.  I may have signed up for it, but if I don’t read it I won’t worry about missing anything.

So imagine my surprise when I went in there today and noticed a bunch of bounce notifications.  I had a bunch of messages with subject “Delivery Status Notification (Failure)” in my inbox, and when I clicked on them they were all bounces to people in my Contacts list indicating that they could not be delivered because the mailbox was unavailable, and at the bottom of the message was a spam.

I was instantly puzzled.  How did this occur?  At first I thought that I had been somehow compromised by the “Here you have” spam campaign that I wrote about last week.  However, I noticed the date of the bounces and the first one was Sept 4, 2010.  I then decided to check into my Hotmail account (I never log in to Hotmail – why would I if I am popping my mail?) and checked my Sent folder.  Sure enough, “I” had “sent” piles of messages to people in my address book.  The messages went back to Sept 5, 2010 (that’s all that shows up in Hotmail, but the time stamp is GMT which corresponds to Sept 4, 2010) and that was all the evidence I needed.  Someone had stolen my password.  I immediately changed my password and since that time the delivery notifications have stopped.

This puzzles me.  How did my account get compromised?  I started doing the math in my head.  The bounces started getting back to me on Sept 4, 2010.  That was Labor Day weekend, the Saturday.  This makes no sense because on Saturday, Sept 4, I was out of town.  The time stamp on the first bounce is 7:10 pm.  This means that some time before 7:10 pm Pacific time my Hotmail account was compromised.  The hotel did have wifi, and I did use it.  I definitely do not recall using this particular account for anything; that wouldn’t make any sense.  This account is something I almost never use.  I did not blog at all that weekend (that’s the only application I use the username and password for).  I didn’t write any blog posts using Windows Live Writer from Aug 30 to Sept 10.  But is it possible that the password was stolen somehow when I connected to the wifi sometime between 5:30 pm when I finished a hike and subsequently checked into the hotel, and 6:30 pm when I left the hotel to go someplace else (Pilot Butte, a hill in Bend, Oregon)?  It would fit the time frame as the spam started occurring about a half hour later.

That’s my current guess.

  • Well, you have said that you use Thunderbird to check that account. Does it use POP over SSL or plain POP? Maybe there was some sniffing going on the network...

  • It's possible that it was sniffed over wi-fi but that doesn't scale very well to send large scale spam. Perhaps there's a bot out there sniffing wifi networks for e-mail accounts and passwords.

    Are you certain you didn't use that e-mail address and same password to set up an account on other services (other than your personal blog)? If so, it's possible that those services were compromised, had an attacker on the inside or were evil to begin with. I thought I'd share this XKCD post:

    http://xkcd.com/792

  • I don't use Wi-Fi myself and am set up the same way.  It never does this if I don't have contacts listed in my account.  Also, when I added email addresses to my contact list in Outlook, it added the same contact information into my hotmail account because of the protocol that is being used to pull all of my emails from hotmail into MS Outlook 2007.

  • I had the same exact thing happen to me. I used to use my Hotmail account back in the day for MSN Messenger, but I haven't for five years or so. I still log in to the account about every three months just to keep it active.

    I logged in today and had a whole bunch of Delivery Status Notification (failure) messages, as well as the corresponding messages in my Sent folder.

    Frankly, it somewhat boggles my mind as to how this would happen. I have never used Hotmail/Messenger/etc over an unsecured wi-fi connection (or even a wi-fi connection). I'm fairly certain that the only computer I have accessed Windows Live/Hotmail from in the past year if not longer is my work computer, which is quite secure and malware free.

  • Someone got into my email and blocked me out of it. They started sending emails to my contacts saying that I was in a foreign country, and that I had gotten robbed while there and that I needed money to get back, asking for MONEY TO BE SENT, to get me back home. What can I do? My new email is gbshave@ hotmail.com    Help me!!!!!!!

  • I'm dealing with the same as gregg.

    First noticed the mail delivery things about a month ago and then it stopped.  Next my sister called last week telling me she received the "I've been robbed overseas letter" and I promptly figured out it was a scam and changed my password 2 days ago.  This a.m., I tried to sign in and was locked out and had to reset again!   Since I was locked out they sent an email with instructions to reset to my alternate hotmail account, but when I went to sign into this 8 year or so old account, I was locked out of this one as well!!  Apparently my hotmail has been compromised also....it's been probably 2.5 weeks since last signing in.  I haven't fixed my hotmail account password yet...have to now wait 24 hrs since the alternate email account for cases such as this was my Yahoo account which at the time was still not reset. UGH!!  I just can't believe this!  I know it has nothing to do with my computer though, because the Yahoo deal started on an old computer.....it since crashed

  • The same situation occurred with my hotmail account in early September and again the last week of October.  I learned about the September hijacking when a couple of friends sent me a message asking if my account had been hacked since they received emails from my hotmail address that I would never send out.  When I signed into my account I too found a number of undeliverable mail notifications (for emails I had never sent out) in my inbox.  When I looked in my sent box, it showed multiple SPAM type emails sent out from my account to all my contacts.  I promptly deleted every contact in my hotmail directory, which put an immediate stop to further messages going out.   Friends reported back to me that it seemed to have fixed the problem.

    In late October, I added 3 contacts back into the hotmail directory to see what would happen.  Within days, the same thing occurred as what had happened in September...... someone or something (i.e. automatic type of dialer) was accessing my account and sending SPAM emails out from it.  Once again I deleted the contacts.  I'm now going to test what happens by changing the password to the account and then add in my 3 contacts again to see what happens.

    One thing I did notice is that I never used to get any junk mail to speak of but since early September, my account receives multiple SPAM messages every day (all of which automatically land in the Junk box).

    All I can say about the annoyance is that (a) thankfully Hotmail is not my primary account; it is used to obtain requested information and webinars from businesses, etc. and (b) whoever is behind the hijacking of other email addresses is hopefully caught and prosecuted to the full extent of the law.

  • I received an email 2 nights ago from a teacher I hadn't spoken to in years saying it was great to hear from me, so of course I think he's lost it, until I scroll down and see the spam email he got. I haven't used this email in over a year!! Imagine (which if you're reading this blog you can easily imagine) my surprise when I checked my sent box, and sure enough, I had "sent" out dozens and dozens of emails to my 100+ contacts, and am still getting emails and texts in return asking what's going on about "all the emails I am sending". Trying to delete a Hotmail account is like an act of Congress with no one to discuss it with. I complain about the overseas call centers all the time, but Windows/Hotmail needs to make the steps for closing an email/Live ID account a bit easier and user-friendly.

  • I too have just had my account used in a similar way, asking someone for details and seem to be having a conversation through my account!

  • Found your blog post via Google - I have a similar issue - 2 vintage hotmail accounts only used for newsletter sign-ups etc seem to have been compromised and were sending e-mails to people not in my address book as I don't have one attached. E-mails seem to be for Career Builder and some kind of HIV / Cancer appeal. These accounts have only been accessed via Outlook Connector. No sign (as yet) of virus or trojan... Could the problem be on Microsoft's end?  

  • My hotmail account has also been compromised and I am unable to get into the account or change my password. The person who got into my account even put in an alternate email account so that I am unable to go the regular route.   The hackers sent a message to all of my contacts saying that I had been mugged in London and needed money.  This has been a nightmare.  I have jumped through all of the hoops but with no success.   Will I ever be able to get my contact addresses??? Help Microsoft or Hotmail or somebody!!!!!!!!!!!!!!!!!!!!

  • I just received an email from my hotmail account in my yahoo. I haven't opened my hotmail account for quite a while & you can just imagine my surprise when I saw the email with all of my contacts in the email. It's a spam saying like this:

    ttp://brandnew-hoomee-biz.ru/?76Qbv87

    Priomote your petontial froem home

    I swear, I'm cursing MSN for this! This is the 2nd time that happened to me & my account has been blocked.

  • Hi Tzink!

    Thanks for your blog! Exactly the same happened to me. It must be a brute force attack by a bot or something.

  • The same thing happened to me a month ago and as of last week, I know at least 4 of my friends' hotmail accounts were hacked and sending out spams to all of their contacts. Does Microsoft even know this problem exists? I've reported the incident, but I'm assuming the report may have gone straight to their spam folder and would never be looked at. Someone at Microsoft has got to start realizing that this is a huge problem!!

  • Can't open my account and no help from msnhotmail.com
