Hotmail security updates protect you from account hijackers

Hotmail security updates protect you from account hijackers

  • Comments 61
  • Likes

Not too long ago, account hijacking was an issue limited mostly to financial service websites. Now the practice has grown to threaten other web services like email, disrupting millions of accounts every year. When an email account is compromised by hijackers, it violates the privacy of the account owner, can harm those in their address book, and adds additional costs to the services fighting the abuse. This type of identity theft costs users and services billions of dollars every year.

Example of a scam email from a hijacker

Microsoft is addressing the problem on multiple fronts. Last week we purged hijackers from legitimate Hotmail accounts that had been identified as compromised, and earlier this month we used legal action to take down a range of domains used by hijackers known as the Waledac botnet. Today, we are releasing new features to safeguard everyone’s account from hijackers. These updates help you protect your password and, in the unlikely event that a hijacker gains access to your account, provide a more secure recovery path so you will always be able to get your account back and kick the hijackers out.

Safeguarding accounts from hijackers

Hotmail starts by helping you keep your password safe from hijackers. Because hijackers:

  • Use phishing schemes like fake “official” emails or websites that ask you to provide your password, Microsoft SmartScreen® technology filters over 5.5 billion spam emails per day and warns of suspicious emails and websites. Hotmail also helps you know an email is safe by adding a shield icon next to “trusted senders” we verify as legitimate.
  • Use key loggers and other types of malicious software (malware) to steal your password, Hotmail has introduced the “single use code” a one-time password sent to your cell phone so that you don’t have to reveal your true password on public machines, risking its theft.
  • Attempt to intercept passwords on unsecure Wi-Fi networks (known as “man in the middle” attacks), we use SSL encryption to secure all connections at login. Later this fall, we will also provide the option to use SSL for the entire Hotmail session.
  • Try to guess your password by testing commonly used words, e.g., words in the dictionary, Hotmail protects your account by blocking login after multiple unsuccessful attempts. The number allowed depends on the reputation of the IP addresses being used.

Despite these precautions, account compromise can still happen. Today we are rolling out new features to detect the hijackers and help you to quickly and reliably take back your account.

Account recovery – kicking out the hijackers and keeping them out

Spammers traditionally created their own accounts, but as we’ve cracked down on this practice, they’ve resorted to hijacking and exploiting the accounts of legitimate users to send spam. With today’s release, we are taking a step forward by detecting compromised email accounts, those co-owned by the legitimate user and the hijacker. We detect them with high confidence using heuristics based on login and account activity, and stop the abuse by locking the hijacker out and closing back doors they may have set up, like using vacation auto reply messages to send spam. At the same time, we begin working with the rightful owner to reclaim the account, recognizing the urgency of the issue.

The fastest way to get your account back, whether it was locked or you simply forgot your password, is to reset the password using account proofs. Proofs are like spare keys. If you set them up in advance, you can later use them to prove you are the legitimate account owner. Up until now, we’ve offered two proofs, an alternate email address and a personal question paired with a secret answer. However, there were limitations to these. For example, only 25% of people with a secret question actually remembered their answer when needed.

Today, we are introducing two new kinds of proofs for account recovery.

  • “Trusted PC” is a unique new proof that lets you link your Hotmail account with one or more of your personal computers. Then, if you ever need to regain control of your account by resetting your password, you simply need to be using your computer and we will know you are the legitimate owner.
  • The second new proof option is your cell phone number, where Hotmail will send a secret code via SMS that can be used to reset your password and reclaim your account.

Password reset information

Additionally, today’s release is making account recovery more secure in Hotmail. Before you can add a new proof or change any existing ones, you will need to be able to access at least one existing proof. For example, if your account was already set up with an alternate email proof and you wanted to add a cell phone number as well, you would need to use the alternate email address to do it. This means that even if a hijacker steals your password, they can’t lock you out of your account or create backdoors for themselves. You will always be able to get your account back and kick the hijackers out.

Adding a new proof

If your account has no proofs set up and you lose access, then to get it back you will need to work with our support team at www.windowslivehelp.com/accountrecovery.

Account security is more important than ever, and with this release, and Hotmail is making your email account more secure than ever.

John Scarrow
General Manager - Safety Services

61 Comments
You must be logged in to comment. Sign in or Join Now
  • I sure hope Hotmail implements full-session SSL soon !

    codebutler.com/firesheep

  • My wife’s hotmail account was hijacked several days ago.  If you expect Microsoft to help get your hijacked hotmail account back via their Recovery Center, you are wasting your time. My advice is to dump your hotmail account. I gave M$ everything piece of information I have that might help recover the account to no avail.  I even offered to use my credit card to purchase the paid version of hotmail for MY hotmail account to prove who I am. I told them that I am an MSDN subscriber and even sent them an email from my work email address, and much more, but M$ would not help me. I bet if I was Bill Gates, I would get the account back. In summary, M$ service sucks.

  • When windows live helps a user get an account back and resets a password based on completing form, would it not make sense to allow users to set the default secondary email?  The hacked account of my friend continues to email the hacker when you try to add new email address, would try phone too but do I really want to give the hacker cell phone number as well.  These seems to be a big security flaw in the process of reclaiming an account.  Or at least switch the default to the email address used to contact hotmail to recover the account.

  • Aye, Bloody 'Eck!

    Mateys, I've been having a royally large PAIN trying to get a password reset on an MSN account.  

    Somehow, it quit working, and some 60 hrs ago we engaged the Windows Live folks to try to get a reset.

    A right-nice private forum was opened up real quick-like, but there's a wee problem...  It seems that *I* am the only bloke on it...   I've posted twice, but 'eard no reply...

    ELP!!!!   ELP!!!  ELP!!!      

    I'd even be willing to PAY for support- *IF* it were available- but I can't even find any PAID support options for "@msn.com" email accounts.

    My 84-year-old father 'as been locked out of 'is account for days...

    Leaves a bit of a bad taste in the mouth, it does...

    As "The Floyd" said in one of their songs...   "is there anybody *OUT* there....   is there anybody OUT *there*... :)  "

    Thanks, mates.

  • Please I need help!! Please!!

    Last Thursday I submitted the validation information requested by Microsoft for password recovery. On doing this I was issued with a PIN to check on progress with validation. Microsoft states how I could expect that either a 'change password' email or an update on required further information would be sent to me within 24 hours.

    It is now Tuesday and still nothing. Can anyone enlighten me as to what is going on??  Please.......

  • chome
    7 Posts

    Hi CAT36, the hacker's address is a yahoo.com email. I also can't start a conversation with you.

  • cat36
    14 Posts

    Chome, I would prefer to answer you in a chat but I can't seem to "start a conversation" with you.  Please check with Eric but the email may be something MSN set up. Is it a live.com address?

  • chome
    7 Posts

    CAT36, i can access my account now. The only problem i encountered now is the password reset email set by the hacker. I need to remove that address. But removing or adding required confirmation sent that hacker address. So should be just "Remove all information"?

  • Sniper
    1 Posts

    Regarding Trusted PC.

    I found that if you are not able to add your pc as a Trusted PC even though Live Essentials is already installed, updating your Linked online ID's will do the trick.

    In Windows 7 find your User Account. In the left pane click "Link online IDs". for the Online ID Provider "WindowsLiveID" click "Update credential".

    Woila. Now I am able to link my pc as Trusted PC even with Internet Explorer 9 Beta.

  • cat36
    14 Posts

    The problem I'm having now is the hacker's email is set up for receiving password reset instructions in the Account Overview page. If I remove it, the system will send the hacker a confirmation. THe other choice is to "Remove all my information". MSN do you advise this?

  • cat36
    14 Posts

    @chome I worked with Eric Fleischman who has posted on this forum. And yes the hacker reset the password. I kept going to the site that Chris Jones and others told me to go to but I couldn't get far. As Chris said you have to press CONTINUE even if you can't answer the secret question or follow the password reset instructions.  windowslivehelp.com/PasswordReset.aspx

    The problem I had is when I got to the last page which asks you for all this validation information, the screen would freeze. I think MSN was getting the information anyway. I told Eric and another support person and between the two of them I got a password sent to my alternate email (which you can set up once you fill out that validation page).

    The first thing I noticed was the mail was being forwarded so if you get that far, change that right away.

  • chome
    7 Posts

    @cat36, did the hacker set the password reset email? How did you remove it?

  • cat36
    14 Posts

    Hacker victims don't give up. My account was set free from 3 weeks in hacker control. Once you are given access to your account -- PLEASE look out for the FORWARDING ALERT . It may be forwarded to an email you did not set up.

  • PaTEk
    2 Posts

    Excuse me, but I have another solution to this problem (please translate yourself):

    patanwitold.wordpress.com/.../bezpieczenstwo-kontaidentyfikatora

  • cat36
    14 Posts

    Konops,  so far it seems that they haven't done the full identity theft thing. Looks like you and I were victim of the same type crime -- I don't want to say too much more because I'm sure the hackers are here getting ideas. Another reason why I think it's insensitive of MSN to force us to use the medium which left us so vulnerable in the first place to seek help.

    We let them know our accounts are compromised which could also mean our computers as well and then they want us to hop right online and provide account details.

  • Konops
    1 Posts

    I must be the 20% waiting for help.  At least abuse@hotmail.com assisted in blocking my account while I verify my identity.  I too rec'd the hackers email ga*****@gmail.com when I tried to reset.  Can someone answer this, what do they actually do with my account other than to try to get my contacts to send them money?  I am a computer novice so this whole thing has me baffled and extremely frustrated.  Are they stealing my indentity while I am waiting for customer service to help me?

  • Hmm, Okay.. No one helped me, but I found the way out by myself..

    To add a trusted PC, I installed the final version of Windows Live Essential 2011 (as told in the notification), and then, my curiosity guides me to used the IE 9 Beta to access my Hotmail to set up my account setting (I usually used firefox to access it). I click 'add' in the Trusted PC section, and then voila'..! No more notification that told me to install the WLE. I simply just typing the name of my computer, and Hotmail sent me a confirmation message to my another e-mail address.

  • langware
    154 Posts

    @Eric,

    I've accepted your friendship request.

    @John,

    Thanks for the reply.

    If 80% of notified users have kicked out the hackers (good news), and recovery of the remaining accounts should be completed in 72 hours (also good news), then what are your objectives for the reduction in frequency of hijacked accounts being reported in the Windows Live Solution Center (WLSC)?

    Currently, customers reporting account hijackings make up a very large portion of the posts in the WLSC. All good strategic plans have clearly defined and measurable objectives. Does your objective for success include a specific percentage reduction in reported hijackings (as seen in the WLSC) within a specific timeframe?  If reduction in reported hijackings is not one of your objectives, can you share with us customers how and what you will measure to insure that your plan has been successful?

  • As noted previously, this is a significant problem for the industry at large and underscores our investments around strong proof technologies and better recovery processes.  At the time of this post more than 80% of notified users have kicked the hackers out and successfully recovered their accounts.  This still leaves a significant number of accounts that were unable to complete the automated process thus requiring an agent interaction.  The agent verification process is extremely thorough to insure only the rightful owners regain access and is the reason folks are experiencing longer than normal delays.  We anticipate that recovery for the remaining accounts should be completed in the next 48 to 72 hours.

  • @langware...I'm going to 'friend' you on the blog site so we can email back and forth (so please accept!). I suspect we'll go back and forth with ideas a few times...probably easier to not spam the blog. :)

  • langware
    154 Posts

    @Eric:

    Thanks for the quick response.

    If all one needs (for the Trusted PC feature to work) are a few DLLs, then yes .... I do think that a separate installation would be better for those who just want the security feature and do not want the entire Windows Live Essentials package.

    You mentioned that you did not think customers would find and install the components (needed for Trusted PC). The needed components (I assume them to be DLLs) could easily be packaged into a self installer. As far as customers finding them, that should not be a problem .... customers should not have to find them.

    Just change the message displayed (when the Trusted PC option is selected but the necessary components have not yet been installed on the customer's PC) from stating that Windows Live Essentials is required, to giving the customer two choices: (1) install the full Windows Live Essentials package, or (2) just installing the basic DLLs needed for the Trusted PC feature. Let the customer decide which to install.

    I would also include a "more information" button showing the details of what gets installed for each choice: (1) the components/apps of the Windows Live Essentials package and (2) the names of the basic DLLs that will be installed. In that way, your security features get propagated and the customer has information and is able to control what software will be installed onto their PC. A win-win!

    What do you think?

  • cat36
    14 Posts

    Oh my goodness.  I just followed the password reset intstructions and got the message that instructions were sent to "os*****@hotmail.co.uk " this adddress. I think this is the Hacker.   WHO DO I TELL?

  • cat36
    14 Posts

    Hi Eric, Chris tried to friend me also but I no longer see that invitation nor do I see yours. Apparently I'm "following you". How do I accept your invitation? and I have been to the link Chris suggested several times but those solutions don't seem to work for me. Thanks again please help me find you.

  • @langware...good question.

    Algorithmically, in building this feature, we took a dependency on a set of components which help us deliver the feature. These components are not on your PC already. These components are delivered as part of the suite itself.

    So while there's no dependency on parts of the suite (ex: you don't need the apps in the suite to use trusted PC) we do need some of these shared components which are delivered via the suite installer.

    In theory we could break these components out of the suite and offer a separate download (I mean, it's just software :)). We thought about this, but in the end we couldn't convince ourselves that anyone would actually find & install these components...and saying "install the suite" is giving clear, simple guidance to people that they can easily follow.

    If you think we should have offered a separate download of just this component, that would be really useful feedback. Let me know.

    I hope that makes sense...

  • langware
    154 Posts

    @saltypaddy:

    Thanks ... you are correct. Microsoft's product naming conventions are confusing, and I mixed up "Windows Live Essentials" , with "Microsoft Security Essentials".

    Of course, that makes the requirement for Windows Live Essentials (Photo Gallery, Movie Maker, Windows Live Mail, Messenger, Writer, Family Safety) ... in order to use the new Trusted PC option ... even more absurd.

    @John Scarrow:

    Care to comment on why Windows Live Essentials is a prerequisite for the Trusted PC option, and when that requirement will be removed? If Microsoft is truly interested in having customers use the new security features to help prevent hijackings, then why not remove the prerequisite for Windows Live Essentials?

  • HeinrichP
    18 Posts

    What about making compatibility with Skype. - like chatting and video-chatting. That would be G-R-E-A-T !!!!

  • chome
    7 Posts

    @Eric, can you help me also? I am helpless. Many thanks.

  • @cat36...I'm trying to reach out to you to give you a hand offline, but apparently the site requires that I friend you in order to do this. I just sent you the request. Please accept so we can connect over email and I can try to help.

    (Yes, I'm a real human. Honest. :))

    We're working through the support requests as they come in, so please do go through the form and give us a chance to help. Earlier in this comment stream Chris pointed cat36 at the request form, and that's definitely the right place to start.

    Thx,

    ~Eric

  • @langware, "There are many other security products available that are as good as, if not better than, Windows Live Essential (based on published reports from independent tests)."

    hmm,, I'm not sure Windows 'Live' Essential is a security product. Microsoft 'Security' Essential is a security product.

  • cat36
    14 Posts

    That's funny Chome. I was thinking that myself. I believe the answer is, No. No Windows Live people are here.They've all moved on to ignore other people.

    ...and Yes. We are just talking to ourselves.

  • chome
    7 Posts

    @Chris, if you are paying for your service i think it will be easier for you to recover your account. Most of the victims are using free hotmail service, the chances that the accounts being recovered is very slim... it's has been more than 7 days and they haven't replied me yet. You know what, i called the Microsoft Singapore to change my MCP Members login to another email address (previously the Windows Live ID was hacked and cant login anymore), after verifying my identity, they changed immediately! The whole process doesn't take longer than 15 minutes!

    I wonder if there is any Windows Live Team people reading these comments here, or we just talking to ourselves.

  • cat36
    14 Posts

    Does anyone know how to get a hold of MSN support person Christian S?  Several people have thanked him for unblocking their accounts.

  • cat36
    14 Posts

    Am I the only person left on the planet that actually pays for MSNs service? For the longest time, I paid for MSN as an ISP. Only recently did I just start paying only for the email. I assume I'm getting more storage than if I didn't pay -- and I certainly use a lot of it. I thought I was getting greater security as well.

    For those who don't pay, rest assured the service isn't any better.

  • Hmmm... the more I read these blogs talking about the "new" hotmail, the more I read of people having problems accessing accounts and problems accessing competent support.  And the more I read of that, the more I am convinced that "Custom Computers" is right in bidding adieu to Live/Hotmail.  I was waiting (for a long time) for SSL to come to Hotmail so I could feel a little more confident using the webmail.  But now, with all these continued issues that so many Live/Hotmail users are experiencing, the more I definitely want to avoid that kind of frustration for myself.  I'm saying "Good-bye" to Hotmail.  I think paying a nominal price for something like Fastmail is more what I need to do at the moment for peace of mind.  Much better CS, too.  I hope all the remaining Hotmail users get their problems resolved, though I must say I'm not sure why so many people who are experiencing such frustration with this service continue to use it when there are so many others out there.

    Cheers !

  • langware
    154 Posts

    I just attempted to add a Trusted PC and received the following message:

    You can't add a trusted PC right now ...

    To add a trusted PC to your account, you need to have Windows Live Essentials installed.

    Apparently your new and improved security feature will ONLY function if the customer has installed Windows Live Essentials. You cannot possibly be naive enough to believe that all of your customers have installed (or will agree to install) Windows Live Essentials. There are many other security products available that are as good as, if not better than, Windows Live Essential (based on published reports from independent tests).

    I find the requirement for Windows Live Essentials (in order to use the new Trusted PC feature) to be offensive. This requirement appears to be Microsoft's attempt to force customers to use Windows Live Essentials. However, this requirement has only disenfranchised many of your customers by preventing them from  using Hotmail's "new and improved" security features ... thus your new security features will have much less impact on preventing hijacking.

    You need to REMOVE the requirement for Windows Live Essentials.

  • Nicola
    1 Posts

    I cant access my hotmail account.  Since the 27 September 2010.  I need help urgently.  What is hotmail doing about the people that have been wrongfully locked out of their email accounts?  You ask us to trust you with our information but then when something happens nobody pays you any attention.  Yes the service is free but what does that mean?  That we are ignored when something goes wrong?  Hotmail please help your supporters access their hotmail accounts again.  Please dont lock the rightful owners of the accounts out.  Help urgently please.

  • Hello, I am from Greece and many many people are dealing with a major problem. I cannot loggin to my account for several days now because it says that I have tried too many times to sign in and it's blocked!! This happened suddenly and I have tried many times to reset my password. All things work properly even sending me an email confirmation at my alternate email but still I get tha same problem. The thing is that noone is helping us in Greece and the Greek forum is full of desperate people asking for help! So I am wondering if you could help me recover my account since I haven't done anything wrong and I am blocked out form hotmail and messenger! I need my account because I have very important contacts of my work and archives that I need to download. Please help me!

  • langware
    154 Posts

    Several people who posted comments here have stated that in order to add a trusted PC ...  Windows Live Essentials is required. We need a definitive reply (from Chris Jones, John Scarrow, etc) ... please answer the question:

    Is Windows Live Essentials required in order to add a trusted PC.

    John's article stated that Microsoft is "detecting compromised email accounts" and "locking the hijacker out and closing the back doors they may have set up". Coincidentally, posts on the Windows Live Solution Center show a huge increase in customers complaining about being locked out of their account. A sticky thread was set up today titled "Can't sign in, prompted with “too many failed sign in attempts” error". In one day it has accumulated 83,764 views and 1522 replies. Clearly, many customers are impacted by this problem.

    John's article stated that "We detect them [hijackers] with high confidence using heuristics based on login and account activity". However, given the large number of customer complaints, could your heuristics be flawed and could you have managed to lock out many legitimate customers along with the hijackers. Again, how about a response from Chris or John to this question:

    Is there any correlation between the large number of customers currently complaining (on the Windows Live Solution Center) about not being able to access their Hotmail account and the new process that Microsoft implemented to lock out hijackers from compromised accounts?

    The changes outlined in John's article are good first steps, but defeating the hijackers will take more than the steps described in John's article. Have you considered any of the following ...

    1. An option that allows users to specify a default IP address. If an attempt to sign on to Hotmail does not originate from the user's default IP address, then the user's secret question(s) or other "proofs" must be successfully answered before the sign on is accepted.

    2. An option to warn the user if there was more than one computer currently signed on to the account (possibly indicating that a spammer was in the process of hijacking the account).

    3. Insert a warning (telling the recipient not to respond) into every phishing message that claims to be from Microsoft and asks for the recipient's Hotmail password. These phishing messages are a scam and only result in user's accounts being hijacked (if the user responds to the official-looking message).

    4. A table showing the last 10 sign-on attempts to the user's account ... with the IP address and date/time of each sign-on.

    5. A two-factor authentication process similar to what Google announced on Sept 20 ... where customers who elect to use this feature are required to provide a password and a code (sent to their mobile phone) in order to sign in.

    If you do not see a significant decrease in the frequency of account hijacking within a few months, what additional steps will you be taking to address the current epidemic of Hotmail account hijackings?

  • cat36
    14 Posts

    Reviewing the forums will tell you that most of us:

    CAN'T RESET OUR PASSWORDS neither online nor on the phone.

    CAN'T ANSWER OUR SECURITY QUESTIONS. WHY? Hackers changed the question and answer

    NOT SURE WHAT ALTERNATE EMAIL IS BEING USED.  WE DON"T GET AN OPPORTUNITY TO CHANGE OR EDIT  IT or ensure that it is indeed the one we set up.  

    HAVE WAITED THE REQUISITE 24 HRS and BEYOND for the system to do whatever it needs to do w/our password resets.

    MSN, YOU KNOW ALL OF THIS.  WHY ARE YOU BEHAVING LIKE OUR PROBLEMS ARE SO UNIQUE AND UNUSUAL. GOOGLE IT. BING IT. LOOK IN YOUR OWN FORUMS!  

    YOUR CUSTOMER SERVICE IS SO BAD I FEEL LIKE I'M BEING "PUNKED".

    MSN, if you don't want to provide phone service, at least give useful online help.   Can we change our secret question over the phone? Can we set up an alternate email over the phone?

    I have successfully validated my identity over the phone w/MSN using billing information. However, none of the other fixes work. I'd like to try the location and unique computer address but NEED YOUR HELP MSN. And by help, I mean a genuine response from a human.

  • cat36
    14 Posts

    Thank you Chris.   I know you were trying to help.  

    But if anyone from MSN is out here, can you please get someone online who cares.  Nothing you are telling us is working. These forums and links all bring us (hacking victims) to the same place.

    How can we have any confidence in your new upgrades? What is it that we have to do for you to listen to us? Pay more?  Buy some supplemental product? Our accounts have been hijacked but it feels like MSN is holding us hostage.  We're just trying to meet your demands.

  • Sorry my grammar. I have problems with this news functions.

    I try to add my cel but my country, Perú, is not in the list.

    I try to add my PC but I must to have install Windows Live Essentials. So I use the link to download WLE, but when I start the installer (after I download it) I don't see any program named Windows Live Essentials. I see a lot of programas, but ony 3 I do not install: toolbar, parental control and a complement for Outlook.

    What can I do?

    Please, sorry my grammar

    Regards from Lima, Perú

  • chome
    7 Posts

    @Chris, i was in the private forum since my account was hacked. I posted a lot of comments and the Windows Live Team last reply was on 23 Sept. Should i continue to wait? Windows Live Community forum doesn't help at all, a lot of users with the same problems end up create a new account! I am quite sad and dissapointed because i have tried all the Microsoft support / call, and was told that Windows Live Team is the only one who can help me. Where are they? I have no idea.

    The last reply from them was:

           1. Review the answers you provided, then provide additional information.

           2. Attempt to sign in again at: http://account.live.com

           3. Create a new account.

    For (1), i have already provided those info as much as i can. For (2), the account was "lockout",  i dont think i can sign in again. For (3), if i really want to create a new account , i will not go through the "Password Recovery Process".

    What i expected from the team is a more flexible way of verifying the identity. I even sent them a photo i took that day (i have a MSN Live Spaces, i uploded many photos last time), so that they can compare but no answer is given?!!

  • @logos, SSL for windows live logon has been turned on by default for a little while now.  Every time I sign on I automatically get redirected to a HTTPS url.

  • Thanks for the update. Great new security features!

  • As a security consultant I wish to thank you @John & @ Chris for the information provided.  However, though my Hotmail account has never been comprised and states my Windows Live profile is only 92% complete with out the cell phone number added.  It will remain as such!  Considering all the stupid moves of the WL Team of late...change, change, beta test,beta test, update, update I will not be using Windows Live nor will many of the SMB's and students I support effective 1/01/11. We have all seen enough..thank you!  You have had my support since he early days of 2004 but enough is enough!

    You all have proven to me that your social networking element is an ongoing & never ending change which has confused the user base beyond repair.  We have total confidence that a stable and constant release will never exist!  Your CEO recently stated, "we are all in the cloud" but failed to add, "with our heads up a posterior body part"

  • logos
    16 Posts

    sorry for not posting everything in the same comment, but I forgot to mention that if ssl has been available for a while at login time for hotmail, the default is still plain http, can't you just get rid of that and make https the default?

  • logos
    16 Posts

    adding to my last comment here: "was about time" :))

  • logos
    16 Posts

    good thing about complete hotmail sessions in ssl mode; I've been requesting that more than once on the live forums ;)

  • I have tried EVERYTHING, reset my password, still can't login.  Have code sent to my cell phone, still can't login.  Go to Windows "Solution" Center, reloads the same page instead of allowing me to proceed.  Customer service is non-existent and in the meantime, I can't access my contacts or info in my email.  Help?

  • Is there customer support for hijacked Hotmail accounts?

  • @cat36, @chrome Please go to windowslivehelp.com/PasswordReset.aspx and click the Continue button at the bottom.  This will connect you to our private forum for support of account compromise.  Thank you - Chris Jones

  • I  have few problem which i would like to discuss

    1) when i tried to put my phone no. in hotmail they dont have my country listed on it  SO SECURITY FEATURE NO.1 IS NOT WORKING.

    2) I tried to add a trusted PC to my account. It says that I need to install a Windows Live Essentials on my PC.  I'm already using Windows Live Essentials BetA (LATEST) ADDED MY PC AS TRUSTED PC BUT OF NO USE IT WAS JUST FOR SHOW. SO OPTION 2 ALSO GONE.

    3)How could I add a trusted PC then?

    4) WHATS THE USE OF THESE FEATURES IF THEY ARE NOT WORKING IN SOME COUNTRIES ?

    HOPE I WILL GET ANSWERS FROM SOME MICROSOFT PERSON.

  • I tried to add a trusted PC to my account. It says that I need to install a Windows Live Essentials on my PC.  I'm already using Windows Live Essentials Beta.

    How could I add a trusted PC then?

  • adacosta
    91 Posts

    Thanks Ravi, will try that.

  • cat36
    14 Posts

    What "Chome" is describing is what so many of us are experiencing.  My account has been compromised and inaccessible to me after passing many validation tests over the phone and receiving password resets online for the past 17 days.

    Even if you remembered your password or security question, it probably wouldn't have worked since the account has likely been hijacked which is why the password reset process doesn't work for you.

    The private forum gives us hope since you feel like eventually someone will give you an answer tailored to you.  If your experience is anything like mine, you will be miraculously informed by your "private support person" that your issue has been resolved but if not, you should go to a Windows Live Technical Support forum.  If you're like me, you probably thought that's where you were in the first place.

    However, you will see that this new place that you're redirected to is not private. It's just a bunch of us e-screaming, pounding on e-walls because the cyborg-like support people keep telling us to do things that we can't do like, reset the password or answer the security question which has also been changed by the hacker(s).

    Do you pay for your service?  I do. Not sure why anymore but it used to give me lots of storage which I can't get to .

    The proofs mentioned in this blog seem hopeful but I don't know how to set them up. For example, I'd like to provide my cell number to receive a text for verification but I want to make sure I'm going to get a response from support and I'm not.

  • chome
    7 Posts

    Hi, glad to hear there is a new features for hotmail.

    I am YH from Singapore. Unfortunately my hotmail was hacked on 21 Sep 2010 and the password was changed. I can't do a password reset because i have forgotten the secret question / password.The account was created more than 10 years ago (before it was acquired by Microsoft). I have a lot of services and memberships including Credit card, banks, mobile and other Windows Live services that linked to this account. I went through password recovery process but is not successful. I was then re-directed to a private forum to provide more info but it seems to be a one way communication because i haven't heard anything from them for the past few days. I tried to call local Microsoft Support but they all can't help and asked me to contact Windows Live Team via email. Obviously i can't do anything but waiting. I hope someone from your team can really look into this matter seriously.

    Thanks.

  • 7flavor
    352 Posts

    Multiple account proofs is a truly useful feature. So many times people around me have asked me to somehow recover their passwords because they forgot it.

  • cat36
    14 Posts

    I invite you Mr. Scarrow and everyone else to see how well MSN's support team is working with members whose accounts have been hijacked.    

    windowslivehelp.com/forums.aspx

  • @adacosta: I also had same problem with me. I resolved by deleting those contact's email I.D from my contacts list and putting the e-mail I.D of those compromised account in the blocked sender's list. It really helped me and I stopped getting spam e-mails from their hacked accounts. Try this, It might help ou also.

  • I tried to add a trusted PC to my account. It says that I need to install a Windows Live Essentials in my PC. But I already installed it since the first time I bought my PC. And now I'm using Windows Live Essentials Beta.

    How could I add a trusted PC then?

  • adacosta
    91 Posts

    I have a few friends whose accounts have been hijacked, a couple of them have abandoned those accounts, but I keep getting mail from them. Suppose I want to stop receiving mail completely from those accounts, how do I block the accounts in question? As long as my address is in their Contacts, wouldn't I keep on receiving spam mail?