How Did my Hotmail get Hacked?

Use a password manager that generates random complex strings for each login, and change them at regular intervals.  No password is 'safe'. The object of the game is to create a strong password that makes it impractical to break in a reasonable amount of CPU cycles/time.
 
Hotmail has consistently been a very insecure service.

My Apple ID got hacked twice in recent months, not at password level but using security questions.  Luckily caught it both times right away and have now set up two stage verification (a code is texted to my iPhone before any account changes can be made).

(I should add that anyone who steals a nude photo of me has the punishment built right into the crime).

 
You've probably got it covered at this point, but FWIW my take on personal data security is this:

- As Ethan said, use a password manager so that it's easy to generate random passwords and keep them secure with a master password that never gets transmitted anywhere.

- Never re-use a password ever.

- If you use an email address to login to important services like banks etc, then consider never sharing that address with anyone else, and use another address entirely for less critical and more public sites. At this point I have around eight legitimate email addresses that I use, and the important ones are known to very few people.

- One of the easiest ways for you to be targeted is for one of the people you've handed out your email address to, to be targeted and so you're reached through their lax security. Obviously you can't stop having friends, but do assess their computer skills critically and only give them one of your less critical email addresses if you think they might get you into trouble later.

- Never login to hotmail/outlook without using https:// at the start of your url. Make sure any other mail clients you use use SSL where possible.

- Public wifi hotspots, while useful, are something to avoid in general. Anyone can sit with their laptop in a cafe (set up as a wifi hotspot) and set its name to "bob's cafe wifi" etc, and then wait for unsuspecting users to log in to that network thinking it's the store supplied one (people generally think nothing of it when they see duplicate wifi network names in the list). The people that do that will forward your data to the actual local wifi so you won't notice the middle-man, but that person will be storing all of the data that travels through their laptop for inspection at their own leisure.

- If you must use public wifi, then don't logon to anything critical using it or browse any websites that would give away too much about yourself and your habits.

There's probably more, but that's all I can think of right now. ;)

Kaz
 
Once they have access to your address book, they have emails and corresponding phone numbers.
They can copy SIM cards in no time with those phone numbers, and can receive text messages for additional passwords.
It's a chain reaction, and it also depends on your and the hacker's location....

 
ruairioflaherty said:
Hotmail has consistently been a very insecure service.

My Apple ID got hacked twice in recent months, not at password level but using security questions.  Luckily caught it both times right away and have now set up two stage verification (a code is texted to my iPhone before any account changes can be made).

(I should add that anyone who steals a nude photo of me has the punishment built right into the crime).

Oh and it should be mentioned. Never answer your security questions truthfully.

Q. What's your mother's maiden name?
A. some-random-answer-that-you-will-remember-but-doesn't-make-any-sense-whatsoever.

Two stage verification is good, but it's easy to lock yourself out if you misplace your key.
 
I do not like the number of companies asking similar security questions. When they get hacked the hacker learns your security question answers that may show up elsewhere.

Hackers and spammers should die a painful death.

I got spam the other day offering to sell me millions of email addresses. :eek:

JR
 
ruairioflaherty, are you Medusa? [Yeah, I know, I don't look in the mirror either!]
In Canada, Winnipeg Manitoba, my I.S.P. has a firewall and gives an anti-virus free,
and using Gmail, I haven't had any of the Hotmail problems my daughter did.
 
I got locked out of it again today... I last changed my PW when I posted in this thread... How often do you need to change it?

As I've asked before, if you get locked out after so many attempts, how does the hacker get to run a billion permutations via PW crack software? Unless they've got a worm that's inside M$'s servers, I can only conclude I'm being hacked another way. Wireless? I have encryption on.
 
thermionic said:
I got locked out of it again today... I last changed my PW when I posted in this thread... How often do you need to change it?

As I've asked before, if you get locked out after so many attempts, how does the hacker get to run a billion permutations via PW crack software? Unless they've got a worm that's inside M$'s servers, I can only conclude I'm being hacked another way. Wireless? I have encryption on.

Keyboard logger on your computer maybe. Did you check for viruses/trojan horses? Though my recommendation would be to set up your system completely fresh.
 
I run MSE anti-virus as well as Malwarebytes - neither programme has picked anything up.

The hack seems to have occurred shortly after I accessed Hotmail via my phone - on both occasions, when I've had a period away from the PC. However, I changed phone a couple of weeks ago - so I don't think it's a programme on the phone.

Also, at the same time I got hacked last time, the girl who rents the room next to my office also got her Hotmail hacked in exactly the same way... We share wi-fi... Is WEP encryption difficult to hack that way?
 
Re: security questions.

Why not use the same 128-bit password type for the security questions as well? A good password locker tool will remember it just the same.

What's your mother's maiden name? Kz33jkkKsgfoöQe8774iiiNxm
 
Kingston said:
Re: security questions.

Why not use the same 128-bit password type for the security questions as well? A good password locker tool will remember it just the same.

What's your mother's maiden name? Kz33jkkKsgfoöQe8774iiiNxm

Thanks. But what's the benefit to doing this? They didn't need to answer any security questions, did they? If they did, then that would mean they've hacked my main business email - but I see no evidence of that (it's via Gmail for Business).
 
thermionic said:
Kingston said:
Re: security questions.

Why not use the same 128-bit password type for the security questions as well? A good password locker tool will remember it just the same.

What's your mother's maiden name? Kz33jkkKsgfoöQe8774iiiNxm

Thanks. But what's the benefit to doing this? They didn't need to answer any security questions, did they? If they did, then that would mean they've hacked my main business email - but I see no evidence of that (it's via Gmail for Business).

I can't say how the account got hacked. It was more a general observation. It's especially important not to skip those questions with answers like "don't care" or "whoknows" because a library attack will find them within the first 50 tries.

Also,

[attached image: password_strength.png]
 
weiss said:
use a mac ;)

Perhaps you have had too much of the marketing koolaid. Or was that an ironic take on the recent excessive celebrity nude scandals that are entirely based on iCloud?

How exactly does any Apple product prevent user errors and social engineering based "hacking"?

Besides these simple OS-agnostic attack vectors, I will have you note that the following are simply the hot items of the past two weeks.

http://arstechnica.com/security/2014/10/reddit-powered-botnet-infected-thousands-of-macs-worldwide/
http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/
http://www.theverge.com/2014/9/24/6840697/worse-than-heartbleed-todays-bash-bug-could-be-breaking-security-for

Based on your post I selected a more user friendly article on each item, but feel free to dig into the details. I sincerely hope the Apple reality distortion field [RDF] will keep your data safe.
 
It is obvious that every device connected to a network can possibly be hacked by anyone. This is fact. So there is no "safe house". But as far as I can tell, until now I have had many more viruses and trojans on my Windows devices than on my MacBook (at least those I know of ;) ).
 