Hacked Hotmail account confusion

qw3rt7

Hi all.
Last week when i got back from holiday i found my hotmail email had been used to spam all my contacts with a cr*ppy email in poor english promoting some scam gadget site. Now the password had not been changed, so i could still log in.

I have since changed the password, and monitored all accounts linked to the previous email/password combination (nothing financial) but am worried as to how my password was obtained. I am a freelance web developer, so have a very good understanding of technology. My pc is well protected from spyware/malware viruses etc, and the hacked password was an 11 character long english translation of an obscure japanese phrase using numbers in place of some letters!!! NOT something you could in any way guess or brute force!

The reason i want to figure this out is to avoid it happening again. Had my work email been hacked in the same way, i could have lost alot of business.

Regards

kwikbreaks

Just about every post I've seen on here about email accounts being compromised and spam sent to all contacts has involved a Hotmail account.

Based on that I would have thought that the way to stop a repeat is obvious.

Sooler

may be your email account wasn't hacked at all and no one had your password

http://en.wikipedia.org/wiki/E-mail_spoofing

OneADay

qw3rt7 wrote: »

Hi all.
Last week when i got back from holiday i found my hotmail email had been used to spam all my contacts with a cr*ppy email in poor english promoting some scam gadget site. Now the password had not been changed, so i could still log in.

I have since changed the password, and monitored all accounts linked to the previous email/password combination (nothing financial) but am worried as to how my password was obtained. I am a freelance web developer, so have a very good understanding of technology. My pc is well protected from spyware/malware viruses etc, and the hacked password was an 11 character long english translation of an obscure japanese phrase using numbers in place of some letters!!! NOT something you could in any way guess or brute force!

The reason i want to figure this out is to avoid it happening again. Had my work email been hacked in the same way, i could have lost alot of business.

Regards

Agree with the wiki article.

When you say your hotmail email had been used, were there sent items in your Sent folder. If not, then either someone hacked in, sent emails and deleted their tracks.

I dont think that is likely. Spammers can spoof the From email address to any address they want to make it appear it originates from your address when really it does not. With seeing source of the spam and analysing it, its not easy to tell. But I doubt you have been hacked.

mr_fishbulb

OneADay wrote: »

Spammers can spoof the From email address to any address they want to make it appear it originates from your address when really it does not.

That's what I am thinking is more likely to have happened in this case.

I don't think it is economically viable for a spammer to hack into a hotmail account, just to email the proportionately tiny amount of people in their address book compared email lists they can buy through other means.

Email spoofing is as simple as this:

qw3rt7 wrote:

I am typing this naked

qw3rt7

That would be wonderful. Unfortunately, i was initially alerted to the fact when i received failed delivery reports for some of my older contacts!
Looking in my sent box showed one email, BCCed to everyone!!!

The site advertised was www dot sales-digital dot com, which on inspection is a crummy chinese knock off site, that encourages western union and moneygram!!!!

But i agree, its seems pretty pointless going to the trouble of hacking an ac just to spam one obviously junk email.

My main concern is that whatever means where used in the first place might be used again. Any further ideas? I really dont want to loose the account as its simply my name and i have used it for about 8 years.

Thanks

PS my MSE membership is via the same email address, so if i suddenly start trying to sell fake ipods dont buy any!!!!

davester

The way they usally get your password is you gave it to them. You had a seemingly innocent message either email or even messenger from your friend with some link asking is this you or something like that. Clicking it goes to a fake hotmail login page which you think is real. you fill it in and then they have your username and password.

Also go to your account and check the alternative email address and security question is not changed, they have been known change it to be able to use you again at a later date. But by the the time you find out your password to login is changed and you can't get in.

kwikbreaks

Sooler wrote: »

may be your email account wasn't hacked at all and no one had your password

http://en.wikipedia.org/wiki/E-mail_spoofing

email address spoofing is indeed incredibly easy.
But where did the spammer get all his contacts from???

Hotmail clearly is vulnerable to hacking scripts otherwise we wouldn't see this same story so often.

qw3rt7

hmm, i guess i can only conclude i must have used the email/password combo on some crummy website. I basically have a list of passwords (in my head, not physically recorded), with one for reliable sites, one for general use and one for suspect sites. I have never used the aforementioned hacked password with any sites other than genuine ones, but i guess i made a mistake.

So bl88dy annoying, googleing does show a disproportionate amount of hacked account seem to be hotmail, but then again maybe its just the most popular free email?.

Anyway, thanks for all your suggestions.

Regards

OneADay

There is an easy to get a password for any email address.

Most people use the same passwords when they register on various sites, be it blogs, naughty sites, intellectual sites (yeah right as if there those).

9 times out 10 the same password used on those sites is likely to be the password for the persons email address which they probably used to register on such site.

I could have been a security expert but I could'nt hack it!

Money_Grabber13579

qw3rt7 wrote: »

Hi all.
Last week when i got back from holiday i found my hotmail email had been used to spam all my contacts with a cr*ppy email in poor english promoting some scam gadget site. Now the password had not been changed, so i could still log in.

I have since changed the password, and monitored all accounts linked to the previous email/password combination (nothing financial) but am worried as to how my password was obtained. I am a freelance web developer, so have a very good understanding of technology. My pc is well protected from spyware/malware viruses etc, and the hacked password was an 11 character long english translation of an obscure japanese phrase using numbers in place of some letters!!! NOT something you could in any way guess or brute force!

The reason i want to figure this out is to avoid it happening again. Had my work email been hacked in the same way, i could have lost alot of business.

Regards

I've had the exact same problem. It wasn't fastnewbuy by any chance? The item was in my sent box, and sent to everyone in my address book. My computer is also well protected, so I'm guessing they stole the password for the account.