Hotmail hacked via SMTPX

Question

Hotmail hacked via SMTPX

Anonymous

My hotmail account has been recently compromised.

Some hacker got into my account - stole a lot of data and also sent 3 emails to recipients I do not recognise.

In those 3 emails that he sent to other people (other hackers i assume) he included my email address, password, host and port.

The messages look like this (my email and password removed and replaced with #) with the subject 'SMPTX RESULTS' :

+++++++++ Rezlt information +++++++++
[+] E-mail : ###############@hotmail.co.uk
[+] E-mail Password : #########
[+] Host : smtp.office365.com
[+] Port : 587
+++++++++ | + K I R A + | +++++++++

these are the hackers email addresses they were sent to :

s*********@gmx.de

a*********@indiscrimimail.ru

c*********@hotmail.com

They also signed into my Sons playstation account (obtained from my emails) and changed the email to one of their own...but i managed to phone sony and get the account back...the nice lady said that they had added a PS5 to the account which will now receive a permanent ban on the sony network...nice :)

I also keep getting emails from outlook postmaster saying: Delivery has failed to these recipients or groups:

i***c@emailnaychidegioithieutoolkhongbudatacuaaedcdaunha.idtienphuoc (i****c@emailnaychidegioithieutoolkhongbudatacuaaedcdaunha.idtienphuoc)Your message couldn't be delivered. The Domain Name System (DNS) reported that the recipient's domain does not exist.

AND also this email = n***@gmail.com (n***@gmail.com)

They are obviously the hackers email addresses as i dont recognise them and they're not in my address book/contacts etc.

Have the hackers set up a system to forward every email to themselves? If so how can I block a recipient from receiving my emails...ive done the opposite which is block a sender..but not block a receipient?

how have they done this? I guess its some sort of script/scraper scanning or scraping ports with a short password? Ive since changed my password and changed it to a long one.

How can I stop i happening again.

Who should I report the email addresses to - ive already sent them to action fraud police UK cybercrime unit.

thanks.

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

9 answers

Answer 1

oh, so no apology from you for getting things wrong and not understanding a simple sentence that I explained more than once?!

and ive noticed youve removed your mistakes and the comments that you were incorrect on....about as much use as an inflatable dartboard!

I wont thank your for your time and understanding,.. as you didnt understand anything...and you wasted my time.

Answer 2

Hello Sonia, i'm facing the same problem here (they logged in my account, created a forward rule, they use my mail as expeditor to spam hundreds of unknown email, tryied to convert some money in skype, they bought 3 xbox + gift card of 100$, etc....)

What did you do to report these suspect activities ? I'm facing the same difficulty to contact a competent person for this case..

(sorry about my english..)

Answer 3

Yes - but I had to find out all this information by myself - no help from Microsoft!

And the hackers still persist every 15mins to try to log into my account from different IP addresses all over the world. I know this as I check the 'see when and where you've used your account' section in the security section of my Microsoft account.

And Microsoft are doing nothing to stop it!

You dont even answer my questions above like: Have the hackers set up a system to forward every email to themselves? If so how can I block a recipient from receiving my emails...ive done the opposite which is block a sender..but not block a recipient?

and: How can I stop it happening again?

Instead all you say is "it is recommended that you pay attention to the security of your account" - which im obviously doing ..so that comment is of no help. And shouldnt you/Microsoft be paying attention to the hackers 'unsuccessful sign in' attempts and unsuccessful syncs every 15minutes from different I.P. addresses every time?

Answer 4

Dear Sonia Pritchard

Thank you for your reply.

Obviously, the hackers are using specialised cracking tools to try and crack your password without stopping, but even if they do, they can't directly access your account

We're glad to talk to you more about the security of your Microsoft account.

First of all, two-step verification protects your Microsoft account, and your two-step verification protection will automatically kick in if you sign in to your account from an unknown device or an unusual IP address.

The problem is that, for convenience, if you sign in to your Microsoft account from a commonly used device, such as signing in to your Microsoft account using EDGE, a short-term SESSION ID file will be generated that is designed to automatically re-sign in in case you suddenly and unexpectedly close your browser. Acredential files are also generated in Windows to allow you to quickly log in to your Microsoft account, which I think may be your problem.

The good news is that you don't have to worry about this scenario, if the hacker just got your password then the login will definitely be blocked by the two-step authentication as it doesn't have your login credentials nor your session ID file.

Honestly, many users nowadays are experiencing account hacking mainly due to logging into Microsoft accounts in public environments such as internet cafes, libraries, and cafe computers.

If these devices come pre-installed with a Trojan Horse programme, then the hacker may be able to simulate the login environment by stealing the SESSION ID file and then change your password. However, if the hacker tries to change your two-step verification information, the account will be frozen for a month, at which point you can change your password on a secure computer to prevent the hacker from stealing your account.

The second scenario is when you accidentally click on a phishing email and enter the correct account name and password. The same hacker may be able to access your account, but it will freeze your account when the authentication information is changed and you will receive a warning email alerting you that important rescue information is being changed.

So, in conclusion, as long as the user is security conscious and adds additional authentication methods such as Rescue Mobile, Rescue Email and Microsoft Authenticator tools, all of these can ensure that your account is secure.

Of course, you can re-add an alias for your account and set it as the primary alias, and then remove the login access to your current address, (it is not recommended that you delete it directly, Microsoft domain deletion will not be recoverable), this method will be effective in curbing uninterrupted logins from hackers.

Add or remove an email alias in Outlook.com - Microsoft Support

I hope the above information can help you.

Best Regards,

Peter.Y-MSFT | Microsoft Community Support Specialist