i don't know if this can work, but i think so:
My hotmail account was hacked
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 89%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Mark McDermott
0
Reputation points
My Draft Kings account was hacked which was connected to my hotmail account. When I logged into my hotmail account, the settings were changed so that the language was Vietnamese. At this same time, I was getting an identical email about 10x/minute that had my Draft Kings login password in the Subject line. This password was also my hotmail password. The emails do not have a "from" address. They show up as [Draft] [Unknown} in the From field. The emails are still coming in. I do not know how to stop them. I was able to change the language back to English, and I changed my password. These emails are still coming in at the same rate. Is there anyway to stop them? I deleed all the Rules and disconnected with all the Apps. I selected the option to "sign out of all accounts" and am still waiting for that to happen. Just wondering if I should shut down this email address or not. Thank you for any support.
Outlook | Web | Outlook.com | Account management, security, and privacy
2 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 93%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHD%3C/text%3E%3C/svg%3E)
Huy Dat Nguyen 65 Reputation points2026-03-01T02:07:56.9633333+00:00 -
Q&A Assist2026-02-28T23:27:39.1333333+00:00 AI generated content. This question contains an answer created with AI from Q&A Assist. Learn moreThe behavior described indicates the account was compromised and that a malicious rule or automation was likely created. To stop the continuous draft/"[Draft][Unknown]" messages and secure the account, follow these steps end to end:
- Clean all devices used with this account
- Run a full, up-to-date antivirus/malware scan on every device that has accessed this Outlook.com/Hotmail account (PC, phone, tablet).
- If the issue started when using a new device, strongly consider a factory reset of that device after backing up important data, as recommended in similar compromise cases.
- Verify and secure the Microsoft account
- Go to the Security basics page and sign in.
- Select Review activity and check the Recent activity page for unusual sign-ins. For any activity that is not recognized:
- If it appears under Unusual activity, expand it and select This wasn’t me.
- If it appears under Recent activity, expand it and select Secure your account.
- Change the password again from Security basics (Change password) and ensure it is strong and unique, different from any DraftKings or other site passwords.
- Complete hacked-account recovery steps
- Follow the guidance in How to recover a hacked or compromised Microsoft account:
- Ensure antivirus scans are complete before changing passwords.
- Change/reset the Microsoft account password using the official password change/reset links.
- Check account settings Microsoft may have reset and verify nothing malicious remains.
- Follow the guidance in How to recover a hacked or compromised Microsoft account:
- Clean up Outlook.com mailbox configuration
In Outlook Web (Outlook.com):
- Re-check Settings → Mail → Rules and delete any suspicious rules (even if already checked once). Attackers often use rules with odd names or conditions to auto-generate drafts or move mail.
- Check Mail → Forwarding and remove any forwarding addresses that are not recognized.
- Check Automatic replies and ensure no auto-reply is configured that the attacker might have set.
- Use Add senders to safe and blocked senders lists only for legitimate addresses; do not try to “block” these internal draft messages this way, as the root cause is usually rules/automation, not an external sender.
- Sign out everywhere and revoke access
- From the Microsoft account security pages, use the option to sign out of all sessions (already initiated) and then:
- Review connected accounts, app permissions, and any apps that can access the mailbox. Remove anything not recognized.
- Monitor and decide on account closure
- After completing the above, monitor the account for a while:
- If the draft/unknown messages stop and no new unusual activity appears on the Recent activity page, the account can continue to be used with the new password and security info.
- If malicious behavior continues despite all steps, consider migrating to a new email address for critical services (banks, DraftKings, etc.), updating those services with the new address, and using the old address only as a secondary or eventually closing it after everything is moved.
- After completing the above, monitor the account for a while:
- Strengthen ongoing protection
- Add alternate email and mobile phone as security info so recovery is easier if anything happens again. See Add an alternate email address and mobile phone number to your account.
- Regularly review the Recent activity page when any unusual alerts or language changes occur.
If recovery or security tools fail or errors appear, use the official support channels for Outlook.com and Microsoft account to escalate, as shown in the referenced guidance.
References:
- How to recover a hacked or compromised Microsoft account
- Help protect your Outlook.com email account
- What happens if there's an unusual sign-in to your account
- My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A
- Hacker set up continuous draft ransomware email - Microsoft Q&A
- Receiving email from blocked senders in Outlook.com
- Clean all devices used with this account