That Danny! News, Reviews, Social Media and Net Moods

18Apr/0948

What to do if your Hotmail account got hacked – the recent spate of attacks on Hotmail accounts


If your friends and contacts have received an email or IM message from your Hotmail account with wording along the lines of "I would like to introduce a good company who trades mainly in electronic products... etc" - it is highly likely that your Hotmail account has been compromised.

IF YOU ARE THE POOR SOUL THIS HAPPENED TO, THEN YOU SHOULD READ ON AND FOLLOW THE INSTRUCTIONS AT THE BOTTOM OF THIS ARTICLE.

In most cases when a spam email is sent in your name to someone else, the spammer doesn't need access to your account. All they need to do is spoof your email address - i.e. make it look like it was sent from you. That's very simple to do, and is very common.

However, the latest spate of spam from Hotmail accounts is different in that the attackers actually hack into your Hotmail account and then do some or all of the following things:

  • They send a spam email to all your contacts.
  • They may send a spam IM message to all your Messenger contacts.
  • They may delete all your Hotmail contacts.
  • They may set your autoresponse (the one you set when you go away) to send this spam message.
  • They may set your email signature to include the spam message.

You know that they have hacked into the account because you can see clearly that they have sent an email from it to all your contacts, or even an instant message. They would not be able to do this if they did not have access to the account.

HOW IT HAPPENS
I don't have a definitive answer, but I do have a theory which, based on the evidence, looks likely. If your password is a common name or a word that appears in a dictionary, then your account is vulnerable, even if it has a year of birth or number attached to it.

This is how the hackers do it:

  • They employ an automated script that is fed your Hotmail address and then goes to work.
  • It feeds the entire dictionary and common passwords and names into Hotmail one by one, trying to log in.
  • After several attempts Hotmail "locks" the account and presents a CAPTCHA (i.e. a string of wonky letters and numbers that is supposed to stop scripts from doing exactly that, because only a human can read these letters, supposedly).
  • Unfortunately the CAPTCHA method no longer stops scripts, because hackers have found ways around it. One of those ways works by using sophisticated character recognition software that can read the wonky letters. Another is to feed the letters to "CAPTCHA farms" - the letters are fed to human users, employed by the hackers to read and enter CAPTCHAs, and they are often paid by the number of CAPTCHAs they enter (for example 1 cent per entry). This becomes viable financially if the spam is part of a bigger scam. The scale of the deception means it makes more money, especially because people are much more likely to trust spam messages sent by their friends. This achieves greater returns for the hackers and means they can attack many accounts, bypassing email security systems.
  • Sometimes the scripts do their work over days, and sometimes weeks, to escape being caught by Hotmail's attack detection systems.
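
From the defending side, the last point is why a lockout counter alone is not enough: guesses spread over days never trip a short-window threshold. The sketch below is an added example, not Hotmail's detection logic; the log format, thresholds and accounts are assumptions made up for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def max_in_window(times, window):
    """Largest number of timestamps that fit inside any one sliding window."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def classify_failures(lines, burst=(timedelta(minutes=10), 5),
                      slow=(timedelta(days=14), 20)):
    """Map account -> 'burst' or 'slow' from lines of '<ISO time> <OK|FAIL> <account>'."""
    fails = defaultdict(list)
    for line in lines:
        ts, status, account = line.split()
        if status == "FAIL":
            fails[account].append(datetime.fromisoformat(ts))
    verdicts = {}
    for account, times in fails.items():
        if max_in_window(times, burst[0]) >= burst[1]:
            verdicts[account] = "burst"   # what a lockout/CAPTCHA trigger sees
        elif max_in_window(times, slow[0]) >= slow[1]:
            verdicts[account] = "slow"    # guesses spread over days or weeks
    return verdicts

def sample_log():
    """Constructed log lines; accounts and times are made up."""
    t0 = datetime(2009, 4, 1, 3, 0, 0)
    rows = []
    for day in range(10):                 # alice: 3 guesses a day for 10 days
        for hour in range(3):
            rows.append((t0 + timedelta(days=day, hours=hour), "FAIL", "alice@example.com"))
    for i in range(6):                    # bob: 6 guesses in under 2 minutes
        rows.append((t0 + timedelta(seconds=20 * i), "FAIL", "bob@example.com"))
    for i in range(2):                    # carol: two typos, then a good login
        rows.append((t0 + timedelta(seconds=30 * i), "FAIL", "carol@example.com"))
    rows.append((t0 + timedelta(seconds=90), "OK", "carol@example.com"))
    return [f"{ts.isoformat()} {status} {acct}" for ts, status, acct in rows]

if __name__ == "__main__":
    print(classify_failures(sample_log()))
```

With the long-window rule switched off, only the burst against bob is reported and the thirty guesses against alice go unnoticed.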

There are of course other ways for hackers to achieve this kind of attack, such as spyware on your computer, or you being deceived by a rogue website. My instructions below would help you tackle these as well.

WHAT SHOULD I DO IF MY HOTMAIL ACCOUNT GOT HACKED?
Go through the following steps, one by one:

1. Before you do anything else, change your Hotmail account password to something very safe. Not a dictionary word or name, or even a word and numbers. Use symbols such as $ and & in your password, and make it long. I know it is difficult to remember, but if you don't want to be hacked, you'll have to start using strong passwords.

2. Now check that your autoresponse and email signature on Hotmail do not have any spam text added to them, as this would go out to your contacts automatically.

3. Then check that your computer does not have spyware or viruses, by following the instructions here.

4. From now on keep your passwords safe, and be extra careful when using public computers (such as those in Internet cafes). If in doubt - change your passwords.

5. You may want to alert Hotmail support to the problem. It seems to be happening all over the place, and the more they know about it, the better it is for their efforts to address it.
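
The advice in step 1, as an added example that is not part of the original post: a check a sign-up or password-change form could run to reject passwords built on a dictionary word or name, even with a year or symbols attached. It goes a little beyond the text by also undoing common character swaps; the word list and swap table are small constructed stand-ins.

```python
import re

# Constructed stand-in for a real dictionary plus common-password and name lists.
WORDLIST = {"password", "sunshine", "football", "michael", "danny", "letmein"}
# Character swaps undone before lookup (assumed set of common substitutions).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})
# Digits or symbols stuck on the front or back, e.g. "michael1984", "!danny!".
AFFIX = re.compile(r"^[^a-z]+|[^a-z]+$")

def candidates(password):
    """Forms of the password a dictionary run would effectively cover."""
    p = password.lower()
    core = AFFIX.sub("", p)
    return {p, core, core.translate(SWAPS), p.translate(SWAPS)}

def weak_reasons(password, wordlist=WORDLIST, min_length=12):
    """Return why a password is guessable; an empty list means no problem found."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    hits = sorted(candidates(password) & wordlist)
    if hits:
        reasons.append(f"built on '{hits[0]}'")
    return reasons

if __name__ == "__main__":
    for pw in ("michael1984", "Pa$$w0rd2009!", "t&Vq$9zR#kM2wLp8"):
        print(pw, weak_reasons(pw))
```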

And please note: if for some strange foolish reason you decide to go to the site advertised by the spammers, and you are even more foolish and decide to buy something on it, don’t be surprised if it never arrives. This is a well known scam, and you will never get your goods, you muppet.


19Jun/080

Photobucket Hacked – Latest Updates

MOST CURRENT - 20 June 08 14.15 GMT:
Things seem to have stabilised as the corrected DNS settings propagated across the web. There are still a small number of users accessing the instructions on what to do to get onto Photobucket, some of which would be due to local caches.
So I guess it's almost situation normal! Have a good weekend, and keep your images safe...

PREVIOUS UPDATE:
19 June 08, 22.15 GMT: There are still quite a few reports from all over the globe of Photobucket not working. Some users are reporting that they are still getting a holding page. The search volumes of people coming to this blog to try and resolve the problem have not diminished since yesterday.

It's interesting that I can actually tell from this website's logs which ISPs' users still can't access Photobucket.

For example, the article about what to do if you still don't have access to Photobucket is frequented the most by users from two US ISPs:

Comcast (USA), and
Road Runner (USA)

I'm also getting visitors to this article from other places like:

Speedy Net (Peru)
AT&T/SBC (USA)
Centurytel (USA)
Wanadoo (Holland)
Planet (Holland)
Direct-adsl (Holland)
Bredbandsbolaget (Sweden)
SCRTC (USA)
Time Warner Telecom (USA)
Opticon (Hungary)
BCC Net (Delta, British Columbia, Canada)
Dodo (Australia)
== many others ==

But Comcast and Road Runner are miles ahead of everyone else in the number of users suffering from this problem. If you are one of their users - talk to them. Explain that they need to force a DNS refresh.

Apparently the (alleged) Turkish hacker group used an account on the servers of Bulgarian hosting company Zettahost, causing all affected Photobucket traffic to redirect to it. Zettahost took the hackers' page down, and put up an explanation instead. And, indeed, some users are still reporting that they are getting the Zettahost page when trying to access Photobucket.

Two things have compounded the problem:

a. Photobucket has not been posting any updates on their site, so users don't know what's going on. Their latest corporate blog entry is from June 12 and is entitled: "We're the best photo sharing site, so vote for us!" The latest press release is from May 14th. As of now there is still no official information from Photobucket about the incident.

b. Although it was very thoughtful of Zettahost to put up an explanatory message on the website that users were redirected to (the website that users got instead of Photobucket), the message was obviously written by someone who is a non-native speaker of English. As a result of the awkward grammar, some users thought it couldn’t have been written by a real company, and that this was still a site controlled by hackers.

The message goes:

================================================
IMPORTANT! Photobucket.com problem read here:
Last night Photobucket.com DNS at register.com was hacked by malicious people that are trying to compromise our business!
We are in no way affiliated with such bad deeds and cooperate with photobucket in capturing these individuals.
They have pointed the domain photobucket.com to an account hosted on our systems!
We have blocked that and photobucked techs have restored the domain pointing to its original location!
ALL account information and pictures on photobucket.com are OK, please have patience!
Unfortunately the complete DNS replication usually takes 24-48 hours and during this time caches DNS records might still point to us!
The normal operation of Photobucket is restored and as soon as the replication is complete there should be no further such issues!
We would like to emphasize that we are in now way responsible for what happens with photobucket and all users bumping across our systems!
We are a legitimate web hosting company operating since 2003 and in no way tolerate such hacking attempts!
If you have any questions please do not hesitate to contact us at abuse@zettahost.com!
Thanks for your patience and understanding!

================================================

It looks like a waiting game now…

Bookmark this page or subscribe to the "That Danny!" blog to follow updates.

============================================
MORE PHOTOBUCKET INFORMATION:
For the background to this story - go here.
============================================
