Hotmail - Security info replacement email
Discussion
Today I received the following email on an old Hotmail account I have but rarely use. I initially thought it was a scam, but after doing some investigation it was legitimate. After logging into the account I could see that someone else had tried to access the account from the USA. My question is this, the password is a random selection of letters and numbers, so how has someone got access to change my security details on this account?
Luckily they had to wait 30 days so I reset everything and changed the password.
"Microsoft account team <account-security-noreply@accountprotection.microsoft.com>
13:54 (2 hours ago)
to me
Microsoft account
Security info replacement
Someone started a process to replace all of the security info for the Microsoft account joeydeacon@hotmail.com with the following info:ncj5g5om@exelica.com.
If this was you, click the button below to bypass the waiting period by using your existing security info.
This was me
If this wasn't you, someone else might be trying to take over joeydeacon@hotmail.com. Click here and we'll help you protect this account.
If you don't recognize the Microsoft account joeydeacon@hotmail.com, you can click here to remove your email address from that account.
Thanks,
The Microsoft account team"
Luckily they had to wait 30 days so I reset everything and changed the password.
"Microsoft account team <account-security-noreply@accountprotection.microsoft.com>
13:54 (2 hours ago)
to me
Microsoft account
Security info replacement
Someone started a process to replace all of the security info for the Microsoft account joeydeacon@hotmail.com with the following info:ncj5g5om@exelica.com.
If this was you, click the button below to bypass the waiting period by using your existing security info.
This was me
If this wasn't you, someone else might be trying to take over joeydeacon@hotmail.com. Click here and we'll help you protect this account.
If you don't recognize the Microsoft account joeydeacon@hotmail.com, you can click here to remove your email address from that account.
Thanks,
The Microsoft account team"
Never used Skype with the email account before. The only thing I can think of is I used that account to sign up to some forum or something years ago and the password was the same.
That seems like the most likely scenario, luckily it is just a disposable account I use to sign up to crap so my main account doesn't get spammed.
That seems like the most likely scenario, luckily it is just a disposable account I use to sign up to crap so my main account doesn't get spammed.
I don’t think they’ve got your password here.
They’ve followed the Forgotten Password process for your account and tried to register their email address as the backup address for the account, to allow them to reset the password unfettered in future.
If they had the password, the could have just changed the backup address themselves and reset the password, locking you out of the account immediately. Or they could have just deleted the security notification from your mailbox before you’ve seen it.
Looks like the safeguards in place have done exactly what they’re supposed to and foiled the hijack attempt. I’d probably change the password and enable MFA anyway.
They’ve followed the Forgotten Password process for your account and tried to register their email address as the backup address for the account, to allow them to reset the password unfettered in future.
If they had the password, the could have just changed the backup address themselves and reset the password, locking you out of the account immediately. Or they could have just deleted the security notification from your mailbox before you’ve seen it.
Looks like the safeguards in place have done exactly what they’re supposed to and foiled the hijack attempt. I’d probably change the password and enable MFA anyway.
Ah - interesting, I didn’t know that. I have a Hotmail account for just the same purposes as the OP.
It gets a ton of spam and I don’t routinely look at it - which does mean I miss those slightly strange forum members who want to have side discussions! I best keep an eye on it. It does have 2FA, could this still happen?
It gets a ton of spam and I don’t routinely look at it - which does mean I miss those slightly strange forum members who want to have side discussions! I best keep an eye on it. It does have 2FA, could this still happen?
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff