First, I must start with an apology to all those here that got the stupid spam message concerning the purchase of iPhones sent by someone that had hacked my primary Hotmail account.
I learned by some deduction and some investigation that, though I was certain the problem was a virus that had come up on my laptop, being used by my son and daughter, the problem was brute force guessing of my password on my Hotmail account.
Though the account password was something that not many would be able to guess, the proper 10 alphanumeric positions were correctly found.
The ability of many to harness the power of “the cloud” (how I hate that name!) has been fully documented, on places from ComputerWorld to ZDNet, and a column on ZDNet from a few months ago warned that passwords would be at risk, no matter the precautions used, because the ability to bring so much computing power to bear allows the hacker to have access in a relatively small amount of time.
No doubt the number of bad guesses should have been something that raised a red flag, but apparently Microsoft does not have that sort of check in place, as I have never gotten any message about a great deal of login activity – and this is the third time the problem has occurred.
Each time the use of the account was to send out spam, and fortunately, I never keep anything vital in the e-mails themselves, or in the Live Mail, or Pegasus Mail programs I use to do my corresponding.
I will be writing a little note to Microsoft, letting them know of my experience (not that it is unique), but to show that another account hack has been done, and that though I am quite careful, the system is breaking down. Other sites have a feature where, if the password is incorrectly guessed a few times (3-5), the account becomes locked. That would not work well for Microsoft, however, because during high periods of activity, the correct password is rejected – this I know because my Live Mail program (with stored passwords) will be given the incorrect password message mid-morning throughout the week. At any other time the access is fine, and no intervention is needed.
This tells me that some work on the current state of affairs would be needed before being able to enforce a locking mechanism, else Microsoft would be drowned with angry users daily.
Another change of the password, to something rated by the Microsoft site as strong, and hopefully a few more months of spam-free use – at least that’s the plan.