The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.
Email hacked... twice... how?
Stonecutter
Registered User regular
Registered User regular
I had been using hotmail
I have an ebay account
Firefox
Zone alarm
AVG scans every morning after updating
XP SP 2
...
It all started last friday night. I got an email from ebay regarding something to do with my account, being the cynic that I am, I skimmed it, figured "spoof" clicked delete. A short while later I saw an MSN messenger (or whatever the fuck it's called now) pop up that I had received another email, I only caught the pop up out of the corner of my eye and I thought it said ebay. I was in a few aim convos at the time and I had a pizza in the oven so I didn't really pay attention to it, I thought it probably was an ad or a security notice because I had just been spoofed.
Pizza done, convos over, another pop up comes up, and it looks like another ebay notice, intrigued as I had no pending auctions I go to my hotmail account and see only one email from ebay, and it's a password change conformation. I click it and think... I didn't request a password change, now my radar's up and I start putzing around ebay looking through the security information, trying to find someone to contact. I'm in the middle of this and I had to leave for work (I work midnight to 6 am.)
I get to work, and I try to access hotmail, it tells me my user name or password is incorrect, so I try a few more times... nothing, I KNOW I typed it properly, I used one damn finger the third time, so I go to "forgot my password" the secret question has been changed and the secondary email was set to the account I was trying to get into (To be honest, it might have been set to that the whole time, I don't know for sure, but the secret question WAS different)
So now I'm locked out of my email, I spend the rest of the night worried sick, I get home, open up firefox, try to get to hotmail and because the previous session hadn't expired, I was able to get back in, I immedately changed my password and secret question, then request a new ebay password. From ebay I'm able to see that I had numerous password change requests made from an IP that I didn't recognize, and somebody was trying to run a scam with my account (the one where you try and arrange sale outside of ebay, with shipments to West Africa or Indonesia yadda yadda yadda.)
I tie up all the loose ends, I guess no big deal, I just had my wits scared out of me and now I need to change all my credit cards. I fire off an email to all my contacts informing them of what happened etc.
So THEN a few days later (wednesdayish) I try to log into hotmail, and I cant. Multiple attempts later and I try ebay....
Can't fucking log into ebay either.
So it's happened AGAIN. I try contacting hotmail support (which is an online form only) they gave me a whole boatload of questions to verify my account, I gave them WAY more information than they asked me for to prove it was me (name, country, postal code, IP address, names of contacts, names of folders I had created, subject lines of four year old emails, what recent archived conversations were about) I get a one sentence response from hotmail "the information you provided does not match the account profile"
Now ok, I can understand the turd deleting massive amounts of emails and all of my contacts and folders, but wouldn't microsoft still have access to that stuff, or, wouldn't they be able to see that the contents of the account had been recently purged? I'm guessing they A) don't give a fuck and
didn't actually do anything because in the three emails I exchanged I got responses from "Mary-Ann" "Arther" and "Danielle"
So to make a long story LONGER (I wouldn't blame a soul for a TL,DR on this one) I'm not internet retarded, I didn't just hand over my account information to anyone, my security suites are decent, I'm the only person who uses my home computer, I trust the other people that use my work computer, and while I suppose it's possible he got the first password at work, I never entered the second password at work. I'm planning on wiping my hard drive later this weekend for good measure, but I can't help but think "if he was able to get ME on this, surly there's got to be thousands of email accounts owned by the bipeds of the forest that would be much easier to farm.....
So basically
GOD DAMN IT, WHAT... WHAT THE FUCK MAN????
I have an ebay account
Firefox
Zone alarm
AVG scans every morning after updating
XP SP 2
...
It all started last friday night. I got an email from ebay regarding something to do with my account, being the cynic that I am, I skimmed it, figured "spoof" clicked delete. A short while later I saw an MSN messenger (or whatever the fuck it's called now) pop up that I had received another email, I only caught the pop up out of the corner of my eye and I thought it said ebay. I was in a few aim convos at the time and I had a pizza in the oven so I didn't really pay attention to it, I thought it probably was an ad or a security notice because I had just been spoofed.
Pizza done, convos over, another pop up comes up, and it looks like another ebay notice, intrigued as I had no pending auctions I go to my hotmail account and see only one email from ebay, and it's a password change conformation. I click it and think... I didn't request a password change, now my radar's up and I start putzing around ebay looking through the security information, trying to find someone to contact. I'm in the middle of this and I had to leave for work (I work midnight to 6 am.)
I get to work, and I try to access hotmail, it tells me my user name or password is incorrect, so I try a few more times... nothing, I KNOW I typed it properly, I used one damn finger the third time, so I go to "forgot my password" the secret question has been changed and the secondary email was set to the account I was trying to get into (To be honest, it might have been set to that the whole time, I don't know for sure, but the secret question WAS different)
So now I'm locked out of my email, I spend the rest of the night worried sick, I get home, open up firefox, try to get to hotmail and because the previous session hadn't expired, I was able to get back in, I immedately changed my password and secret question, then request a new ebay password. From ebay I'm able to see that I had numerous password change requests made from an IP that I didn't recognize, and somebody was trying to run a scam with my account (the one where you try and arrange sale outside of ebay, with shipments to West Africa or Indonesia yadda yadda yadda.)
I tie up all the loose ends, I guess no big deal, I just had my wits scared out of me and now I need to change all my credit cards. I fire off an email to all my contacts informing them of what happened etc.
So THEN a few days later (wednesdayish) I try to log into hotmail, and I cant. Multiple attempts later and I try ebay....
Can't fucking log into ebay either.
So it's happened AGAIN. I try contacting hotmail support (which is an online form only) they gave me a whole boatload of questions to verify my account, I gave them WAY more information than they asked me for to prove it was me (name, country, postal code, IP address, names of contacts, names of folders I had created, subject lines of four year old emails, what recent archived conversations were about) I get a one sentence response from hotmail "the information you provided does not match the account profile"
Now ok, I can understand the turd deleting massive amounts of emails and all of my contacts and folders, but wouldn't microsoft still have access to that stuff, or, wouldn't they be able to see that the contents of the account had been recently purged? I'm guessing they A) don't give a fuck and
didn't actually do anything because in the three emails I exchanged I got responses from "Mary-Ann" "Arther" and "Danielle"So to make a long story LONGER (I wouldn't blame a soul for a TL,DR on this one) I'm not internet retarded, I didn't just hand over my account information to anyone, my security suites are decent, I'm the only person who uses my home computer, I trust the other people that use my work computer, and while I suppose it's possible he got the first password at work, I never entered the second password at work. I'm planning on wiping my hard drive later this weekend for good measure, but I can't help but think "if he was able to get ME on this, surly there's got to be thousands of email accounts owned by the bipeds of the forest that would be much easier to farm.....
So basically
GOD DAMN IT, WHAT... WHAT THE FUCK MAN????
Stonecutter on
0
Posts
@gamefacts - Totally and utterly true gaming facts on the regular!
Can't get in. >.<
@gamefacts - Totally and utterly true gaming facts on the regular!
If your email is compromised, you really should be canceling all attached accounts. Or atleast changing them over to another email address.
First password was 10 characters
Second password was 14 character, case sensitive, alpha-numeric
I think not.
I've begun changing over all of my associated accounts
key logger on your computer?
This thing is, though, if your first password was just a word then it's really easy to crack by using a dictionary attack. And then once they're in, changing the secondary email to get any future passwords wouldn't be a hard job.
@gamefacts - Totally and utterly true gaming facts on the regular!
Formatting and reinstalling Windows can always help if you want to be absolutely sure
It should show you who the service provider is. Contact the provider, inform them that you believe this IP is performing illegal activities having to do with scamming and stealing accounts.
That's not a really fast solution, but it might prevent it from happening in the future.
most of all, most of all
someone said true love was dead
but i'm bound to fall
bound to fall for you
oh what can i do
Your password was not guessed if what you say about its complexity is true, and it wasn't brute-forced. Nobody "hacks into" hotmail or ebay to get accounts. They generally get malicious code to run on you (cross-site scripting attack usually) and get it that way, or they get it through a phishing attack, but you sound savvy enough to avoid phishing.
My money's on cross-site scripting exploit. You'll probably never know where or when you got hit, but once malicious script controls your browsing session, they can get anything you enter into the browser window.
What someone did was request a password change for your account, which is normally used to recover your account. They hoped that you would blindly click it, and you did.
What they more than likely did after that was change the "backup email" in those accounts to theirs, so when you took back your account they just had a password recover email sent to theirs again and they re-took it.
You need to call eBay and tell them what's up.
I read the email, I didn't actually follow through on the change.