A few weeks ago, I remarked that my Hotmail username and password had been compromised. I had some theories about how it happened but couldn’t quite put my finger on it.
Well, it happened again and once again, I am not sure how it happened.
I was looking into my Hotmail account and once again I got a bunch of NDRs sent back to me. The date of the original message within these NDRs was Oct 27, 2010, 10:58 pm. I scanned my memory banks and I thought to myself “Where was I on October 27 at 10:58 pm?”
As it just so happens, I happen to have a personal blog over at WordPress. Sure enough, on Oct 27, I published a blog post in the evening around that time. But here’s the thing – I was using a public Internet wifi connection and I wrote the blog post using my iPad (which I won at Virus Bulletin by posting the highest score in a video game). Not only that, I was using a WordPress app for the iPad. So my original theory was that the WordPress app was sending my username and password to WordPress in clear text over a wifi connection. Some piece of malware intercepted it in midstream and sent it back to the spammer.
But that can’t be.
The reason is that I recently transferred over my Windows Live Spaces blog to WordPress in early October. I used to use my Live Spaces account (Hotmail account) to transmit my user information from Windows Live Writer (clearly not a great idea) to Live Spaces, presumably in clear text (erk). So, when I switched over to WordPress and used my iPad to write a blog post using the WordPress app (which I don’t particularly like for other reasons), it makes natural sense that the insecurity of the apps is what caused my password and username to be leaked.
Except that this isn’t possible.
The reason is that when I switched over to WordPress, I used a different password than in my Hotmail account. Even if my WordPress information was leaked, it would not work to login to my Hotmail account. Not only that, but I changed my Hotmail account’s password a couple of weeks ago. Thus, somehow, my Hotmail information was leaked around Oct 27, 2010 even though I have not used any application to login to it – neither through the web nor through any blogging software. Quite frankly, I am a little puzzled. Of course, my operating assumption is that the password and username was leaked on or very near to Oct 27. I am very certain I have not logged into my Hotmail account in any form or shape since several days before and after that, until today when I reset my password.
Here’s where things start to get interesting. Long time readers of this blog have heard the tales of my misadventures in China and Peru where a spammer has twice tried to kill me. Over the past few weeks, myself and my girlfriend have been looking at taking a trip to southeast Asia some time next year, probably hitting up Thailand, Malaysia, Singapore or a few other countries. In some of the bounce messages of this recent Hotmail break-in attempt, the attached original spam is present and within it is the originating IP of the computer used to connect to it. The IP address is 220.127.116.11, reverse DNS = 18.104.22.168.adsl.dynamic.totbb.net. The country of origin for that IP is… Thailand.
Well, well, well, Thailand… what a coincidence. One of the countries I am possibly planning on visiting and it just so happens to have a spammer accessing my Hotmail account from it. I think that this spammer is now stalking me; maybe I should start to hunt him down.