What happens when a Windows Live account is hijacked

Dick Craddock of Windows Live explains on the Inside Windows Live Blog:

At Hotmail, we know that account hijacking is a big problem, and we continue to work hard to prevent it. We’ve noticed a couple of things about hijacked accounts. First, many accounts have weak passwords that make them easy targets for hijackers. Second, when someone’s account gets hijacked, their friends often find out before they do, because the hijacker uses their account to send spam or phishing email to all their contacts.

These two observations led us to develop a couple of new features that help protect your accounts. The first lets you report a friend’s account as compromised – a feature unique to Hotmail – and the second prevents you from using common passwords that make your account easy to hack.

Getting spammed by a friend

Maybe you’ve had this happen to you: You sign in to Hotmail, and you see you’ve got new mail from one of your friends. You open the message only to discover that it’s spam! Maybe it’s obvious spam – like an ad for a product. Or maybe it’s a more involved story – like a plea for money, with an explanation that your friend is stuck in a foreign country and needs cash, when you know for sure that your friend is safe and sound at home.

Whatever the case, one thing is for sure: this email isn’t really from your friend at all. Instead, it’s from a spammer who has hijacked your friend’s account. When this happens, you probably call or text your friend or contact them on an alternate email address to let them know that their email account has been compromised. But you wish you could do more.

Now you can. Hotmail lets you report your friend’s account as compromised. It’s easy: When you get that spam message supposedly from your friend, you just click “My friend’s been hacked!” on the “Mark as” menu:

My friend's been hacked! on the Mark as menu

You can also report an account as compromised when you mark a message as junk or otherwise move a message to the Junk folder:

Moving messages to the Junk folder

What happens under the hood

Our compromise detection system is always working in the background to detect unusual behavior. When we detect bad behavior from an account (like an account that suddenly starts sending spam), we mark that account as compromised. It’s a bit like your credit card company putting a hold on your account when they detect suspicious activity.

When you report that your friend’s account has been compromised, Hotmail takes that report and combines it with the other information from the compromise detection engine to determine if the account in question has in fact been hijacked. It turns out that the report that comes from you can be one of the strongest “signals” to the detection engine, since you may be the first to notice the compromise. So, when you help out this way, it makes a big difference!

Once we mark the account as compromised, two things happen:

  • First and foremost, the account can no longer be used by the spammer.
  • When your friend attempts to access their account, they’re put through an account recovery flow that helps them take back control of the account.

Making it work with all accounts

We released this feature a few weeks ago. Initially, it only let you report Hotmail accounts that were compromised. But it worked really well – we got thousands of reports of compromised accounts.

Of course, we didn’t want to stop there; we wanted to go a step farther and make it work for any email account. After all, even if you’re a Hotmail user, you probably get email from friends using other email providers, and those accounts can get compromised, too.

We did the work to enable other email providers like Yahoo! and Gmail to receive these compromise reports from Hotmail including those submitted by you, and those providers will now be able to use the reports in their own systems to recover hacked accounts.

So now, in Hotmail, you can report any email account as compromised, and Hotmail will provide the compromise information to both Yahoo! and Gmail.

How well is it working?

We’ve had this feature turned on for only a few weeks, and we’ve already identified thousands of customers who have had their accounts hacked and helped those customers reclaim their accounts. And we’ve found it to be very effective and fast. Accounts that you report as compromised are typically returned to the rightful owner within a day.

An ounce of prevention is worth a pound of cure

Of course, we don’t want to just detect when accounts are compromised; we want to prevent them from being compromised in the first place. That’s why we continue to innovate and build more features to help protect your account.

We‘re making another addition to the long list of account security and protection features that we’ve released over the last year. We will now prevent our customers from using one of several common passwords. Having a common password makes your account vulnerable to brute force “dictionary” attacks, in which a malicious person tries to hijack your account just by guessing passwords (using a short list of very common passwords). Of course, Hotmail has built-in defenses against standard dictionary attacks, but when someone can guess your password in just a few tries, it hardly constitutes “brute force!”

Common passwords are not just “password” or “123456” (although those are frighteningly common), but also include words or phrases that just happen to be shared by millions of people, like "ilovecats" or "gogiants."

This new feature will be rolling out soon, and will prevent you from choosing a very common password when you sign up for an account or when you change your password. If you're already using a common password, you may, at some point in the future, be asked to change it to a stronger password.

Of course, having a strong password is just one step to protecting your account. You should also provide “proofs,” including an alternate email address, a question and secret answer, and, even a mobile number where we can reach you via text message. You can learn more about how to set up account proofs, or go ahead and set up your account proofs now.

Join the fight

When it comes to account security, the Hotmail team is dedicated to doing all we can to help protect your Hotmail account from thieves and spammers. We’ll continue to work to protect your account with new and innovative features, and now you can join us in the fight and help protect your own account and your friends’ accounts, too.

Dick Craddock
Group Program Manager, Hotmail

Comments (1)

  1. somael says:

    My emaill add is bhai_of_all@hotmail.com

    Dear Sir,

    Please let me know that below inquiry from Hotmail or Microsoft directly.  should i fill up the form and send to them.

    thank you



    Windows Live Team Alert Confirmation®

    This Email is from Hot-mail Customer Care® and we are sending alert to all account user for safety. Due to the anonymous registration of our account which is causing congestion to our service, so we are shutting down some account and your account was among those to be deleted. The purpose of this email is for you to verify that you are the owner of this account and you are still using it by filling the information below after clicking on the reply button:

    * Full Name…………………

    * User Name:……………….

    * Password:…………………

    * Date of Birth:……………..

    * Country Or Territory:…………….

    We'll keep working on making Windows Live! the best email service around, and we appreciate your joining us for the ride.

    *Not all viruses can be detected and cleaned. Please be aware that there is a risk involved whenever downloading email attachments to your computer or sending email attachments to others and that, as provided in the Terms of Service, neither Hotmail! nor its licensors are responsible for any damages caused by your decision to do so. Please reply to this message. This is a service email related to your use of Hotmail! Mail.1 z

    Microsoft respects your privacy. Please read our online Privacy Statement.

    Microsoft Corporation

    One Microsoft Way

    Redmond, WA 98052


Skip to main content