Hotmail fights back against hacked email accounts

Filed Under: Data loss, Privacy, Spam

HotmailMicrosoft has announced a new feature for Hotmail users that should help in the fight against email fraudsters and spammers.

It wouldn't surprise me if many of us haven't received an email which appears to come from a friend, but actually contains a bogus cry for help claiming they are stranded in a foreign country or a spammy advert.

Often in these cases your friend's email account has been compromised because they chose a weak password, or had been using the same password in multiple places - only to have one of them phished, or were careless with their computer security.

One famous example of this happening occurred two years ago, when the Hotmail account of UK politician Jack Straw (who was the country's Justice Secretary at the time) sent out hundreds of emails attempting to defraud his contacts.

My friend has been hacked!Hotmail's new feature is designed to make it quicker and easier for control of the hacked email accounts to be returned to their rightful owners.

Recipients of emails from clearly compromised accounts can now report them directly to Hotmail, as a new "My friend’s been hacked!" reporting option has been added under the "Mark as" menu.

In addition, accounts can also be reported as compromised if you mark a message you have received as junk:

My friend has been hacked!

If you make use of these options, you're giving Hotmail a heads-up that the account could have been compromised and they can use the warning (and other signals they pick up from the account's behaviour) to determine if they need to stop the account from being abused, and begin the process of returning control of the account to its rightful owner.

What's especially warming about this initiative is that it's not just a Hotmail to Hotmail thing.

Dick Craddock, the Microsoft Group Program Manager responsible for Hotmail says that Hotmail is also sharing these notifications with Gmail and Yahoo, which means that you could still be helping a hacked friend even if they don't also use Hotmail.

Let's hope we see other web email providers follow Hotmail's lead and offer similar ways for their own users to report possible account compromises. After all, minutes matter if your email account has been breached - the long an account is under the control of malicious hackers, the more harm that can be done.

Hotmail says it has only had the functionality enabled for a few weeks, and it has already helped it identify and recover thousands of hacked accounts.


, , , ,

You might like

41 Responses to Hotmail fights back against hacked email accounts

  1. R0nin · 1545 days ago

    As long as they take meaningful action, this is a wonderful thing! I've had obvious spam sent to me by my son's account, and all I could do was tell him about it and hope he could figure out how to fix it.

    I hope it's more meaningful than "Mark as Phishing scam", where you continue to receive the same messages over and over. I'm tired of applications giving users the illusion of being allowed a meaningful response, when the actions we take are, in reality, ignored. Hulu's "Ad Tailor" and YouTube's "flag as spam" options are other examples that come to mind. But I digress.

  2. George · 1545 days ago

    Excellent idea. Good thinking, Hot Mail. A simple, clean, 'obvious.' and effective measure.

  3. Elrik · 1545 days ago

    Excellent! Glad to see Microsoft helping us help our friends. I've seen quite an influx in the past 6 months of compromised accounts.

  4. Mike Thorpe · 1545 days ago

    I sincerely hope this is sorted. My hotmail account was hacked and despite 2 weeks' worth of online 'conversation' with me sending over 2,000 words in total, Microsoft refused to give me my account back. I could live with creating a new account, but it's the fact that my xbox account is irrevocably linked to my hotmail account, meaning I have no control over that any more (and therefore won't be able to download the approx £50 worth of games again if my hard drive crashes).

    • Marsha · 744 days ago

      Microsoft is not right someone hacked my account and told my contacts that I was kidnap and to send money that was in 2011 and I am still fighting them and the phone number that they have on the account someone elst owns it and when they put in the code it gones to that new owner of the phone when I call them and asked them to give me the code number to get back into my email they will not call nor text me the code. I have all paper work proof that that account orginally belongs to me every time I put in a new form with them they just shut me down and refuse to give me my account back with vital info that is mine I am going to write to microsft and submit the paper work I have I have been up for a week trying all I can with proof to retrive my account.

  5. FireRx · 1544 days ago

    How about Microsoft fix the holes that allow someone to hack other peoples accounts in the first place. the Just make another account option will lose them users.

    • Reader · 1544 days ago

      Did you read the article properly? There are examples as to how people get their accounts "hacked". How does Microsoft fix users stupidity?

      • Aaron · 1408 days ago

        I wonder if it is a password userend issue. I've received many emails like the ones described here from friends that are knowledgeable geek types and never is it from their gmail or other email accounts. It is universally Hotmail/windows LIVE accounts.

        All of us tend to have several email accounts, and to be fair most have an old hotmail around, but again, the other accounts remain untouched (gmail for example... or even work email addresses ... hell, my running room account even).

        In a day and age where free email accounts are given out more freely then candy the fact that it is always from a hotmail account is strange.

  6. easyosx · 1544 days ago

    I think it's a simple step on Microsoft's part, but very effective nonetheless.

  7. aneesh · 1544 days ago

    I think this is a great idea, I've received many mails from friends as well. Like R0nin mentioned, this'll be effective only if Microsoft take meaningful measures...

    • P4s$w0Rd · 1520 days ago

      I so hope R0nin is his password.

      • LOL · 1126 days ago

        And I so hope P4s$w0Rd is His password!!!

        Sigh! It's probably something much more difficult like dR0w$s4P...

  8. Nomphra · 1541 days ago

    Would love to see Facebook do something similar to this!

  9. Chris · 1502 days ago

    Yeah, my Hotmail was just hacked and I have to fill out a form with identifying info then when I submit the message says it could take up to 48 hours to get back to me. That's too long.

  10. snead · 1502 days ago

    You should check out the hotmail forums. Looks like there's been a mass hacking--I guess. Lots and lots of people can't get into Hotmail right now, and MS is just tossing out the form letter with the link to change your password, and you can change your password, I just did, but I still couldn't get in.

    • Michelle · 1321 days ago

      It definitely seems to be a mass hacking. I have seen familiar email addresses with certain catch phrases like wow, very good or see this. I opened them and now I am at
      this point where my account is blocked over a week now. People beware don't open
      any mails with catch phrases even if it's in your inbox. I Checked out those hotmail forums and they're not any help to me, just going around in circles.

  11. Bob The Builder · 1490 days ago

    Suggestions to people who have not had their important HotMail account hijacked YET!:

    1) Change Your password to something secure and change it often.
    NEVER use the same password on your email as you use for another site especially social networking sites like Facebook.
    2) Be certain to add a telephone number and a secondary account to your primary account.
    3) Go to your Hotmail and print a hard copy of your "Account Details: page.
    4) Make a hard copy list of everyone you've emailed in the last month.
    5) Make a hard copy list of the names of all of your folders.
    6) Use Outlook, Thunderbird, or a similar program to download and archive all of your mail to your hard drive.
    7) Create a backup email account and auto-forward all of your Hotmail there from now on while leaving a copy in your primary account's inbox. This way if your account is hacked you should still get your mail. This can be the same account as your secondary account listed above.

    If you lose your account and have no secondary account and you can't remember the stuff I mentioned then you are going to have a hard time reclaiming your account. What happens is this. They take over your account then send spam to all your contacts. I got dozens of bounced email notices, THEN two days later Hotmail flagged my account saying I violated the TOS. Then I was scratching my head trying to remember who I mailed from this specific account since I have half a dozen all with various folders, contacts, password histories, etc. I got it back, but it was not easy.

  12. Barb · 1468 days ago

    Had my hotmail email account hacked, got a new password and opened my email and it is Aribic now I can't change it back. Is it possible to change it back? Any help would be appreciated as I can't remember all my contacts.

  13. Adama Dia · 1464 days ago

    I lost my hotmail account when trying to secure it by changing the password< And finally , my account was blocked. What can I do to recover my account. I do not remember the security question test just because this account was opened more than 15 years ago. I do have in this accout very important files that I really need to get back, please help is urgently needed.

  14. PDS3-0 · 1454 days ago

    I wish Microsoft would stop blaming people for its own lousy security. My password was nothing easily predictable, unique to the hotmail account, had worked fine for 10 years, I never responded to anything that looked remotely like phishing, and then the account got hacked and now it's blocked indefinitely. So what the hell did I do wrong, except trust hotmail (a mistake I'll never make again)?

  15. hotmailSucKs · 1444 days ago

    adama dia, I too have the same problem and we arnt alone it is absolutely an outrage but there is no help number to call it's all through emails through your recovery account and if that doesnt work hotmail says oh well sucks for you and yeah... i agree to finding a different solution would be great.

  16. Jackie · 1441 days ago

    My hotmail account has been hacked and I've lost everything. My password does not work so I can't even create a new one. What can be done to retrieve my lost information. I would appreciate any information you can provide.

  17. Patrick McKee · 1439 days ago

    I recieved an email from hotmail ( I thought!!!) stating they were updating thier accounts . I believed this. It seamed real! I gave the info that was asked for. Now my account is compromised. The hackers sent out an email claiming I was in Cyprus & could you please wire me 3 thousand dollars to get home. They also change my password. I am unable to retrieve any of my hotmail . Don't let this happen to you!!!!!!

  18. Lori · 1434 days ago

    Me, too, Jackie! I can't even change the password!

  19. Lori · 1434 days ago

    I found this article for anyone interested in saving your hijacked account:

    Not sure it works yet, but I'm going to try it!

  20. brenda sherrell · 1308 days ago

    I am going to try what you have advised Lori. I have been unable to access my account for about three weeks now. I have tried everything I can think of with no avail. How frustrating is this.

  21. William · 1286 days ago

    My account was hacked yesterday and spam went out to all of my contacts. Apparently this is a common problem with Hotmail and they could care less. They tend to put all of the blame on the account holder for being stupid. I have had my account since 1998 with no problems whatsoever but now that I have been labeled as stupid by hotmail and the fact that there is no way to contact them personally about this matter I will be going after hotmail tooth and nail since obviously this is an internal affair with them. I have always trusted hotmail with my paid account services but no more. HOTMAIL TAKES NO RESPONSIBILITY FOR A KNOWN PROBLEM IN THEIR SECURITY.

    Just say no to hotmail, I have but that does not change what has already taken place.

  22. Bhim · 1272 days ago

    HI, My hotmail account has been hacked yesterday. Message sent by someone to all my contact list.

  23. As a tech I see scores of people getting their accounts hacked where they did nothing wrong. It's always, AOL, Yahoo and Hotmail. My hotmail was hacked this week and I don't even use the account except for the occasional hotfix download or partners forum login. Microsoft can blame whoever they want, but they are the ones being breached. I've changed my password but here is the website they forward me to when trying to get into my account (and I've checked it from multiple computers and browsers):

  24. Paul · 1259 days ago

    ,,Recently lost SIX years of correspondence and saved mail...informed to look for an explanation and fix through my alternate email account...still's been days.
    Great job msn 'live' whatever...LIARS!

  25. joyce · 1253 days ago

    i am absolutely shocked thathotmail do not have adequate secrity to stop this nonsense. peopleslivlyhood depend ontheir email address

  26. guest · 1252 days ago

    I thought it would be hard to hack me but guess what - they did it, using my e-mail and name to ask friends for money by saying I was trapped in another country and to western union the money. I re-claimed my e-mail changed all paswords and added more security. Still we all know it can happen again. Does anyone know who goes after these $#%$^^^ bitch__ who really put me in a embaressing position. Is there like a group of people who goes after these hackers and beat them up (I wish) Is there a person or office that can assist in capturing the hackers??????

  27. hill · 1188 days ago

    I got hacked on 4th of July. My friends got an e-mail saying I was stuck in Cyprus and needed $2200. What happened prior to that is I got a message from MSN (I thought) stating that my account would be cancelled in 24 hours if I did not update the information that was created. Being a novice and being naive, I sent the information. If MSN sends you a message, how do you know if it is real. I am still attempting to retrieve my two hotmail accounts--they both were hacked

  28. BUBBLES · 1159 days ago

    Weeks after weeks of Hotmail HACKING...

  29. DEWARD · 1151 days ago

    This would be great ...., if it worked. If you're hacked, you are the one who suffers because Hotmail freezes your hotmail account and sends you countless emails asking you to identify yourself with personal information. After 7 days, you get another email saying they didn't accept your answers ...., try again and wait another 7 days. I've been doing this for 3 weeks now. Still no email. Don't make the mistake of allowing hotmail to link your other email accounts to the hotmail homepage. They will all be disabled too! I could care less about the email accounts but they also freeze your CONTACTS. That's right ...., your entire contact list is unavailable. You can't even explain to your friends and family why you are not responding to their emails. As soon as this is resolved, I will have nothing to do with Microsoft. Ever.

  30. Susan Reid · 991 days ago

    I would like to know how Microsoft has fixed this problem. I know someone who cannot get into her hotmail and she has created other accounts and every time she tries to get into them the password does not work. Would they be updates for the windows software? I would not be surprised if my friend does not update her computer very often.

  31. Laila · 868 days ago

    I got hacked few days ago and couldn't remember any of the security questions. So I called "Microsoft support" and they said that for $150 they could help me fix the problem. This is a joke, I have had this account for so many years and they are not even willing to help.

  32. Hi,

    I wanted to ask that one of my friend's hotmail account has been hacked and I receive spam mails from that account. I reported that mail as "My friend's been hacked!" Will that thing take action against that and restore the friend's account back? Because I don't think it will because when I clicked that button, It just moved into the Junk rather than begin reported to hotmail and says that Junk mails are deleted after 10 days. Any volunteer who can help? Please reply as soon as possible. Thankyou!

    Rahib B.

  33. Another Disgruntled hotmail user · 693 days ago

    ha!!! This has been happening to me too! When I contacted the HOTMAIL support team.... they tried asking me to pay them $250.00.

    I told them that would not be happening.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley