The shame of having your email account hacked

Forums › Off topic › The shame of having your email account hacked - thanks Globseason

lurker

838 posts

Ultimate Geek
+1 received by user: 223

Lifetime subscriber

#33126 30-Apr-2009 14:50

Has this every happened to you? I've fixed countless problems for folks, got their PCs back in order when they were ready to just buy a new one. Keep telling people to not open those emails, stay away from pirated software etc etc. Now my old Hotmail account got hacked and about 140 people got some horrible spam from Globseason from me. I feel quite ashamed really! I'm probably just over-reacting as most people would just ignore the spam anyway.

This is the first time anything like this has happened to me, so I'm not sure if Globseason is a particularly special case but it seems to be a hot topic at the moment. I found plenty of help and it looks like the Windows Live team will be able to restore all my contacts that have been subsequently deleted. Unfortunately I'm at work right now so I can't wait to get home and start scanning all my PCs on the home network.

Just wondering, is there any security issue if I'm web-browing on my Nokia N95 through my wireless lan at home? I have started to use it frequently and never thought there was anything to be concerned about.

tonyhughes

Hawkes Bay
8476 posts

Uber Geek
+1 received by user: 6

Retired Mod

Trusted

Lifetime subscriber

#210910 30-Apr-2009 15:00

Do you know how it was hacked? Malware on your PC? Brute forced? Server/service vulnerability?

lurker

838 posts

Ultimate Geek
+1 received by user: 223

Lifetime subscriber

#210915 30-Apr-2009 15:17

No idea as yet. Must have happened overnight, I checked Hotmail on my N95 at work and saw a bunch of undeliverables which alerted me to the situation. I've been mucking around on my HTPC for the last few days and the only change to my regular desktop was installing a new version of CPU-Z, minus the Ask toolbar. I just want to get home asap so I can start looking into this.

zocster

1994 posts

Uber Geek
+1 received by user: 105

ID Verified

Trusted

Lifetime subscriber

#210917 30-Apr-2009 15:28

hmm have a read at this, cpu-z should be harmless ... so have you done any of these steps to allow others know your password to your hotmail?

Ragnor

8279 posts

Uber Geek
+1 received by user: 585

Trusted

#210918 30-Apr-2009 15:31

Note: Spammers often fake or spoof the from addresses for spam they send. They can do this without having compromised your actual email account.

Right now if I wanted to send you an email which pretended to be from bill.gates@microsoft.com I could easily. Any half decent junk filtering would check the origin of the email using SenderID or reverse dns and filter out the fakes.

All you can do really is encourage anyone who is getting this type of bogus email to use better junk mail filtering.

I would still double check all your pc's and change any insecure passwords to more secure 10 digit paswords with a mix of numbers, capital letters, lower case letters and other characters (eg: #!@#!@#). Just in case.

zocster

1994 posts

Uber Geek
+1 received by user: 105

ID Verified

Trusted

Lifetime subscriber

#210919 30-Apr-2009 15:37

Ragnor: Note: Spammers often fake or spoof the from addresses for spam they send. They can do this without having compromised your actual email account.

Right now if I wanted to send you an email which pretended to be from bill.gates@microsoft.com I could easily. Any half decent junk filtering would check the origin of the email using SenderID or reverse dns and filter out the fakes.

All you can do really is encourage anyone who is getting this type of bogus email to use better junk mail filtering.

I would still double check all your pc's and change any insecure passwords to more secure 10 digit paswords with a mix of numbers, capital letters, lower case letters and other characters (eg: #!@#!@#). Just in case.

Was that you who's been sending spam out of my domain? :P

tonyhughes

Hawkes Bay
8476 posts

Uber Geek
+1 received by user: 6

Retired Mod

Trusted

Lifetime subscriber

#210920 30-Apr-2009 15:38

Undeliverables are not a reliable indicator of anything untoward with your account.

I can generate undeliverables till the cows come home, for any email address, without touching the 'victims' account, mailserver, pc, or network.

New World

Shop on-line at New World now for your groceries (affiliate link).

lurker

838 posts

Ultimate Geek
+1 received by user: 223

Lifetime subscriber

#210921 30-Apr-2009 15:41

zocster: hmm have a read at this, cpu-z should be harmless ... so have you done any of these steps to allow others know your password to your hotmail?

No, I'm pretty sure I haven't done anything of the sort. He's a link to someone's blog on the same problem

Ragnor: Note: Spammers often fake or spoof the from addresses for spam they send. They can do this without having compromised your actual email account.

This is an actual account hack, because after spamming all my contacts they then deleted them, plus they set up an auto-reply to harass anybody else who emailed me. I've undone all this, and am waiting/hoping my Contacts will be restored by the helpful Windows Live team. Plus my password has been changed.

tonyhughes

Hawkes Bay
8476 posts

Uber Geek
+1 received by user: 6

Retired Mod

Trusted

Lifetime subscriber

#210924 30-Apr-2009 15:47

lurker: This is an actual account hack, because after spamming all my contacts they then deleted them, plus they set up an auto-reply to harass anybody else who emailed me. I've undone all this, and am waiting/hoping my Contacts will be restored by the helpful Windows Live team. Plus my password has been changed.

Very hacked then!

Bummer!

zocster

1994 posts

Uber Geek
+1 received by user: 105

ID Verified

Trusted

Lifetime subscriber

#210926 30-Apr-2009 15:49

gee somethin serious, reminded me to always use https on my gmail account, it's always set on https for my google apps but yeah ... so thanks!

Ragnor

8279 posts

Uber Geek
+1 received by user: 585

Trusted

#210928 30-Apr-2009 15:59

zocster: Was that you who's been sending spam out of my domain? :P

Hah I can if you like!

...but no we had s spammers sending email out pretending to be "us" very irrating and in the end jack all you can do about it. We almost lost one customer because he didn't believe email could be easily faked until I sent and email from himself to himself with a fake message.

Re: OP

I recommend this password generator:

- Change the length to 10 and tick include punctutaion and go crazy

http://www.pctools.com/guides/password/

lurker

838 posts

Ultimate Geek
+1 received by user: 223

Lifetime subscriber

#210934 30-Apr-2009 16:08

Thanks for the comments so far, I would just say if any other Hotmail users are having the same trouble, make sure you visit the relevant Windows Live forum here and follow the instructions to (hopefully) get your contacts restored. And don't forget to change your password and switch off the auto-responder.

Apple TV

Stream your favourite shows now on Apple TV (affiliate link).

nate

6473 posts

Uber Geek
+1 received by user: 458

Retired Mod

Trusted

Lifetime subscriber

#210986 30-Apr-2009 19:08

lurker: Thanks for the comments so far, I would just say if any other Hotmail users are having the same trouble, make sure you visit the relevant Windows Live forum here and follow the instructions to (hopefully) get your contacts restored. And don't forget to change your password and switch off the auto-responder.

Does your "forgot your password" have a question that is hard enough to guess? Some time ago I had a challenge with a mate that I couldn't "hack" his Hotmail account, I did it three or four times despite him picking complex passwords all because I guessed his forgot your password answer.

We got up to some serious mischief in secondary school...

lurker

838 posts

Ultimate Geek
+1 received by user: 223

Lifetime subscriber

#211094 30-Apr-2009 23:54

nate:Does your "forgot your password" have a question that is hard enough to guess?

Yeah, because I usually substitute my own question instead, eg zip code becomes prime minister's name, something along those lines. I've been busy scanning etc, every PC is coming up clean, and no strange startup entries or running processes that look out of the ordinary. I don't really think my password was given up by me, I can't see it happening, though won't rule anything out until I find out the cause.

lurker

838 posts

Ultimate Geek
+1 received by user: 223

Lifetime subscriber

#211097 1-May-2009 00:06

Oh, and the Windows Live team have sent me a list of all my Contacts, which was very good of them. They seem to be pretty busy with these requests at the moment, and they are advising people that their teams are trying to investigate what malware is responsible for this current spate of problems.

The only piece of equipment I own that I don't know much about (technically) is my Nokia N95, which I'm using more frequently online although I'm too paranoid to touch it (for web browsing) at the moment. This might be a dumb question but do devices like this need to be protected? I see antivirus applications are available, are they necessary? I'm not running anything like that at the moment.