How did the email get hacked? What to do next

outlook.com, Security

I use Hotmail. My password was strong (upper/lower case letters, digits, and special characters; no dictionary words).

It was only 8 characters; maybe that was the problem?

  • I only use this password for my e-mail. Nothing else.

  • I didn't receive or respond to any phishing emails.

  • I checked news sites and there is no report of Hotmail itself being hacked.

  • Malwarebytes and other scanners/tools I have claim my system is clean. No key loggers.

Does anyone have any thoughts on how my account could have been compromised?

They immediately changed the password, recovery questions, and recovery email. Then they sent spam asking my contacts for money (to be sent via Western Union). The IP address the mail appears to originate from seems to be a Nigerian IP block.

First, I don't understand how my password could have been gotten. When I tried guessing passwords, after five or six attempts it made me enter a CAPTCHA before each attempt.

Can people brute force Hotmail/MSN passwords?

Second, it doesn't appear that there is anything I can actually do. When I search online, all I find are tips to prevent being the victim of fraud (i.e. don't send money via Western Union) but I can't find any place to report the criminal(s).

Does such a place exist?

Finally, what steps can I take to prevent this in the future?

Best Answer

Hotmail can be brute-forced. And CAPTCHA is always being improved because it's always being broken. Also, sometimes companies have vulnerabilities they don't know about or don't acknowledge, etc. Basically what I'm trying to say is, even if you are very safe on the internet (as it sounds you are), your account can still be hacked.

One thing, however, that many people overlook is when and where they log into their accounts. It is best not to log into email and Facebook in places like the Apple store, on a Starbucks or McDonald's network, etc., as those computers and networks are "out in the open". As we saw with Sony recently, sometimes the big company won't even encrypt sensitive data before it starts sending it through the air. NEVER log into bank accounts from a public network.

Your account can also be compromised by someone cracking the password reset questions you set. Someone can use the forgotten password link to view these questions. If they are easy to guess or ones with common answers you are leaving your account wide open.

Notify your friends that you have been hacked, using Bcc. Notify Hotmail support. And probably, you will have to make a new account.