My Hotmail account has been compromised


Well, here’s something I didn’t expect to write about – my very own Hotmail account has had its username and password accosted by spammers!

I have a very old one that I opened up years ago.  I use it to subscribe to bulk mail services and use it as the identifying account for my other personal blog.  Other than that, that’s it.  I do have another account filtered by Hotmail but it is a vanity domain that I registered with Office Live 3 years ago.  Anyhow, it is this personal one that was the issue.

I POP all of my mail through Thunderbird except for Yahoo Mail which charges me for it (whatever), and my regular Microsoft mail goes through Outlook.  Since I use this Hotmail account for virtually nothing except bulk mail, I never check it.  In fact, I have it as a subfolder under my vanity domain’s folder.  Indeed, most of the mail that goes into that folder is spam – someone or other from the Windows Live Network that wants to be my friend.  I never friend these people, of course.  I just ignore them.  So, whenever I get mail into the folder, I rarely check it because it isn’t mail that I want.  I may have signed up for it, but if I don’t read it I won’t worry about missing anything.

So imagine my surprise when I went in there today and noticed a bunch of bounce notifications.  I had a bunch of messages with subject “Delivery Status Notification (Failure)” in my inbox, and when I clicked on them they were all bounces to people in my Contacts list indicating that they could not be delivered because the mailbox was unavailable, and at the bottom of the message was a spam.

I was instantly puzzled.  How did this occur?  At first I thought that I had been somehow compromised by the “Here you have” spam campaign that I wrote about last week.  However, I noticed the date of the bounces and the first one was Sept 4, 2010.  I then decided to check into my Hotmail account (I never login to Hotmail – why would I if I am popping my mail) and checked my Sent folder.  Sure enough, “I” had “sent” piles of messages to people in my address book.  The messages went back to Sept 5, 2010 (that’s all that shows up in Hotmail, but the time stamp is GMT which corresponds to Sept 4, 2010) and that was all the evidence I needed.  Someone had stolen my password.  I immediately changed my password and since that time the delivery notifications have stopped.

This puzzles me.  How did my account get compromised?  I started doing the math in my head.  The bounces started getting back to me on Sept 4, 2010.  That was Labor Day weekend, the Saturday.  This makes no sense because on Saturday, Sept 4, I was out of town.  The time stamp on the first bounce is 7:10 pm.  This means that some time before 7:10 pm Pacific time my Hotmail account was compromised.  The hotel did have wifi, and I did use it.  I definitely do not recall using this particular account for anything, that wouldn’t make any sense.  This account is something I almost never use.  I did not blog at all that weekend (that’s the only application I use the username and password for).  I didn’t write any blog posts using Windows Live Writer from Aug 30 to Sept 10.  But is it possible that the password was stolen somehow when I connected to the wifi sometime between 5:30 pm when I finished a hike and subsequently checked into the hotel, and 6:30 pm when I left the hotel to go some place else (Pilot Butte, a hill in Bend, Oregon)?  It would fit the time frame as the spam started occurring about a half hour later.

That’s my current guess.

Comments (32)

  1. Cd-MaN says:

    Well, you have said that you use Thunderbird to check that account. Does it use POP over SSL or plain POP? Maybe there was some sniffing going on the network…

  2. David Cawley says:

    It's possible that it was sniffed over wi-fi but that doesn't scale very well to send large scale spam. Perhaps there's a bot out there sniffing wifi networks for e-mail accounts and passwords.

    Are you certain you didn't use that e-mail address and same password to setup an account on other services (other than your personal blog)? If so, it's possible that those services were compromised, had an attacker on the inside or were evil to begin with. I thought I'd share this XKCD post:

    http://xkcd.com/792

  3. DS says:

    I don't use Wi-Fi myself and am setup the same way.  It never does this if I don't have contacts listed in my account.  Also when I added email addresses to my contact list in Outlook, it added the same contact information into my hotmail account because of the protocol that is being used to pull all of my emails from hotmail into MS Outlook 2007

  4. Kevin Ickes says:

    I had the same exact thing happen to me. I used to use my Hotmail account back in the day for MSN Messenger, but I haven't for five years or so. I still log in to the account about every three months just to keep it active.

    I logged in today and had a whole bunch of Delivery Status Notification (failure) messages, as well as the corresponding messages my Sent folder.

    Frankly, it somewhat boggles my mind as to how this would happen. I have never used Hotmail/Messenger/etc over an unsecured connection wi-fi connection (or even a wi-fi connection). I'm fairly certain that the only computer I have accessed Windows Live/Hotmail from in the past year if not longer is my work computer, which is quite secure and malware free.

  5. gregg says:

    Some one got  into my email, and blocked me out it. they started sending emails to my contacts saying that iwas in a foriegn country, and that i had gotten robbed while there and that i needed money to get back, asking for 4 MONEY TO BE SENT,  to get me back home. what can i do ?  my new email is gbshave@ hotmail.com    help me!!!!!!!

  6. Vera says:

    I'm dealing with the same as gregg.  

    First noticed the mail delivery things about a month ago and then it stopped.  Next my sister called last week telling me she received the "Ive been robbed overseas letter" and I promptly figured out it was a scam and changed my password 2 days ago.  This a.m, I tried to sign in and was locked out and had to reset again!   Since I was locked out they sent an email with instructions to reset to my alternate hotmail account, but when I went to sign into this 8 year of so old account, I was locked out of this one as well!!  Apparently my hotmail has been compromised also….it's been probably 2.5 weeks since last signing in.  I haven't yet fixed my hotmail account password yet…have to now wait 24 hrs since the alternate email account for cases such as this was my Yahoo account which at the time was still not reset. UGH!!  I just can't believe this!  I know it has nothing to do with my computer though, because the Yahoo deal started on an old computer…..it since crashed

  7. Debra says:

    The same situation occured with my hotmail account in early September and again the last week of October.  I learned about the September hijacking when a couple of friends sent me a message asking if my account had been hacked since they received emails from my hotmail address that I would never send out.  When I signed into my account I too found a number of undeliverable mail notifications (for emails I had never sent out) in my inbox.  When I looked in my sent box, it showed multiple SPAM type emails sent out from my account to all my contacts.  I promptly deleted every contact in my hotmail.directory, which put an immediate stop to further messages going out.   Friends reported back to me that it seemed to have fixed the problem.

    In late October, I added 3 contacts back into the hotmail directory to see what would happen.  Within days, the same thing  occured as what had happened in September…… someone or something (i.e. automatic type of dialer) was accessing my account and sending SPAM emails out from it..  Once again I deleted the contacts.  I'm now going to test what happens by changing the password to the account and then add in my 3 contacts again to see what happens.

    One thing I did notice is that I never used to get any junk mail to speak of but since early September, my account receives multiple SPAM messages everyday (all of which automatically land in the Junk box).  

    All I can say about the annoyance is that (a) thankfully Hotmail is not my primary account; it is used to obtain requested information and webinars from businesses, etc. and (b) whoever is behind the hijacking of other emails address is hopefully caught and prosecuted to the full extent of the law.      

  8. Christine says:

    I received an email 2 nights ago from a teacher I hadn't spoken to in years saying it was great to hear from me, so of course I think he's lost it, until I scroll down and see the spam email he got. I haven't used this email in over a year!! Imagine (which if you're reading this blog you can easily imagine) my surprise when I checked my sent box, and sure enough, I had "sent" out dozens and dozens of emails to my 100+ contacts, and am still getting emails and texts in return asking whats going on about "all the emails I am sending". Trying to delete a Hotmail account is like an act of Congress with no one to discuss it with. I complain about the overseas call centers all the time, but Windows/Hotmail needs to make the steps for closing an email/Live ID account a bit easier and user-friendly.

  9. kc says:

    i too have just had my account used in a similar way, asking someone for details and seem to be having a conversation through my account!

  10. DavidB says:

    Found your blog post via Google – I have a similar issue – 2 vintage hotmail accounts only used for newsletter sign-ups etc seem to have been compromised and were sending e-mails to people not in my address book as I don't have one attached. E-mails seem to be for Career Builder and some kind of HIV / Cancer appeal. These accounts have only been accessed via Outlook Connector. No sign (as yet) of virus or trojan… Could the problem be on Microsoft's end?  

  11. NS says:

    My hotmail account has also been compromised and I am unable to get into the account or change my password. The person who got into my account even put in an alternate email account so that I am unable to go the regular route.   The hackers sent a message to all of my contacts saying that I had been mugged in London and needed money.  This has been a nightmare.  I have jumped through all of the hoops but with no success.   Will I ever be able to get my contact addresses??? Help Microsoft or Hotmail or somebody!!!!!!!!!!!!!!!!!!!!

  12. Grace says:

    I just received an email form my hotmail account in my yahoo. I haven't opened my hotmail account for quite a while & you can just imagine my surprise when I saw the email with all of my contacts in the email. its a spam saying like this:

    ttp://brandnew-hoomee-biz.ru/?76Qbv87

    Priomote your petontial froem home

    I swear, I'm cursing MSN for this! this is the 2nd time that happened to me & my account has been blocked.

  13. Rabbit says:

    Hi Tzink!

    Thanks for your blog! Exactly the same happened to me. It must be a brute force attack by a bot or something.

  14. Purelica says:

    The same thing happened to me a month ago and as of last week, I know at least 4 of my friends' hotmail accounts were hacked and sending out spams to all of their contacts. Does Microsoft even know this problem exists? I've reported the incidence, but I'm assuming the report may have gone straight to their spam folder and would never be looked at. Someone at Microsoft has got to start realizing that this is a huge problem!!

  15. bets says:

    can't  open my account and no help from msnhotmail.com

  16. Mohamad brighit says:

    i had a problem,someone is using my acount, brighitmoh31@hotmail.com ,he already changed the password ,i can t enter anymore,please if  you can do something in this case ,let me khnow on my email: brighitmohamad@yahoo.com

    thank you very much.

    the person asking my contacts to send him the money under of my name:From: brighitmoh31@hotmail.com

    this the message:

    To: michellefite31@hotmail.com

    Subject: RE:

    Date: Mon, 28 Feb 2011 17:36:18 +0500

    Hello,

    Thanks for getting back to me i want you to know that i have been having a problem with this transaction at the bank because i was told that there is no such transaction available at this moment so i don't know if there is a mistake somewhere so i will like you to crosscheck very very well and get back to me with the following details needed below:

    First Sender's Name:

    last Sender's Name:

    Full Sender's Address:

    MTCN No:

    Text question:

    Answer:

    Regards,

    Hoping to read back from you as soon as possible …

  17. Yupp says:

    Have had the same problem here. Had an account years ago for MSN, but closed it when I moved on.

    For the past five months, I have had people I know contacting me to complain about my old account spamming them. They are demanding that I do something about a Hotmail account that I am locked out of and that MSN will do nothing about. How am I being held responsible for something that I can not change? and I can not access staff at MSN who will delete the account?

    Sure, spam filters work, but it still chews up resources and is a waste. Delete these spam accounts.

  18. HELLO says:

    I believe you are here to meet nice people. I will like to be your friend. My name is Gift, Please if you accept me please contact me with this email (SONIAemmedy@hotmail.com). You can write to me anytime.

  19. bettybrown says:

    cant open my account,.  no help from msnhotmail.com

  20. burr says:

    Been getting bounce backs myself, but nothing was ever in the sent folder. I couldn't close the email thanks to Games for Windows Live (I'd lose access to my games) so I was forced to send everyone an email on my list to block me and open a new address and pretend the Hotmail one doesn't exist (unless of course I am logging in to play my games).

    A shame since I had it for almost 10 years.

  21. Chocolate Addict says:

    I have been compromised as well, except guess what? They didn't change my password. I don't know why. But I am unable to change my password! I can't even go to the link to change it, or reset it, or send it to an alternate email, because if I get there, in less than 2 seconds the page redirects itself to a different page, but hotmail related. I am afraid this person is talking to my contacts, or emailing them, maybe even going through my emails, and it bugs me!! Please help guys I am really afraid right now!

  22. WhatThe says:

    I had a similar thing happen.  I installed Thunderbird and added all my gMail accounts using the default settings.  I did not however add this Hotmail account to Thunderbird.  Strangely my Hotmail account spammed all my contacts, but what is most odd is there is no evidence they were sent using my Hotmail account.  I got about 2 dozen bounce notices to my old contacts.  

    Here's my theory: These eMails are not actually sent from my Hotmail account, but somehow during Thunderbird install my gMail messages were intercepted and the email addresses of all my contacts were harvested.  Then they spoofed the headers and faked that they were sent by my Hotmail account.

    Thoughts?

  23. Chrisallis says:

    I have read this article with some interest as the same thing happened to me. I hardly ever log into my Hotmail account but when I did recently there were Delivery Status Notification (Failure) messages in my inbox and spam messages sent to my contacts in the sent folder. I don't use POP to access this account and had not used it for some time. How did someone gain access? I have no idea. I've done the usual checks for worms, spyware and so on and nothing suspicious found. I've enabled https and changed to a strong password – not that the old one was weak. I'm certain that the account was compromised by methods that were beyond my control.

  24. annie says:

    How do we recover from these situations.  My account has been blocked after I changed my password.  I have yet to hear back from MSN on how to remedy that.  Do any of you have any ideas?

  25. katherine says:

    I need help!! my account has been compromised. I cant reset my password because they changed my security question… I provided my cell phone number so they can text me a code to reset the password and they havent send the code..WHAT CAN I DO?

  26. Jennifer Preece says:

    My hotmail account has been blogged and urgently need accesss to my emails, plz help, . jen9alderbury@gmail.com

  27. Martin says:

    My hotmail was compromised – the message was to open a video or photo, which did not open. Also only noticed it after messages of returned mail. I did say that it looked like spam and reported to MSN. (now says 'Do you think the sender was hacked' and I said yes. A day later my account was suspended with a link to a get a code to verify and requested a change of password. I hope OK now. I don't recall being on any site requesting password, but I did use WIFI with my phone… IS it the WIFI? Am going to delete all my contacts now just in case…  

  28. H says:

    What does one do after it is hijacked?

  29. Linda M Franklin says:

    This has happened to me..today…and I have NO clue what to do??!!! Can anyone helP?

  30. how can i get back in my hotmail, havent heard anything from MS in weeks. i will pay to get back in! says:

    account hacked, locked out, waiting over a week, i WILL PAY $19.99 for hotmail plus or whatever to get back in ASAP. i re-requested to reset the account now about 3-4 times and its been 3 weeks in total that i have been locked out. How much do i need to pay to get into my hotmail account ASAP??

    Jeff

    415-992-7688

    please call or email me at J.goldman@dunhillworldwide.com

    From: Microsoft Account – Unmonitored Automated Email [mailto:unmonitored@microsoft.com]

    Sent: Friday, April 19, 2013 12:06 AM

    To: j.goldman@dunhillworldwide.com

    Subject: We have received your Account Recovery Request for mrjeffgoldman@hotmail.com

    Thank you for contacting Microsoft Support.

    We have received your Microsoft Account recovery request for mrjeffgoldman@hotmail.com. Your issue number for this request is 85146244.

    In order to help you as quickly as possible, your previously submitted issue 84895978 has been closed.

    Once we have reviewed the answers you submitted we will update you on the status of your request at this E-Mail address.  If we can verify that you are the account owner you will receive a link to reset your password.  Please note that it can take up to 24 hours for us to review the information you submitted.

    Thank you,

    Microsoft respects your privacy.  To learn more, please read our Privacy Statement <privacy.microsoft.com/> .

    Microsoft Support Team

    Microsoft Corporation

    One Microsoft Way

    Redmond, WA 98052

    USA

  31. James Brown says:

    The dates of my received emails are totally wrong saying from more than 20 years in the future and the menus look like Arabic, how do I sort it ? all tips appreciated

  32. I went to login to my hotmail account and it was gone. I typed the password and it opened the Outlook site. All my current e-mails are gone . It has nothing of my records. Where is my hotmail emails???

Skip to main content