Last week my Hotmail account was hacked and every single one of my email contacts was spammed. The email was sent from my actual Hotmail address (copies were in my Sent Mail folder) so for anyone receiving the post I am afraid it looked very authentic.
I have been with Hotmail right from the very start, even before it was bought by Microsoft, and until last week I had never been hacked before. Hard to believe, I know, but way back then there were not many web-based email sites and I think Hotmail tempted me with access to a huge mailbox for storing all my messages.
So I thought I would post about my experience in an effort to make people aware that web-based email is vulnerable and is now seen as a relatively easy target for various scams and for harvesting valuable ID details. I know some people who run their business using web-based email; they chose it for its flexibility and low cost, but just think what could happen if you were the victim of a spam scam. The credibility of the business could be severely dented.
Though I was understandably annoyed, and it caused people on my Contacts List some confusion, it could have been a whole lot worse. Once I started to look at other Hotmail members' "hack horror stories" I felt rather relieved. For a start, the scam was selling iPods at bargain prices in the Far East … imagine the embarrassment if the links had pointed people over to some porn site or viagra boutique? Or sent a virus to my friends' accounts? Or locked my Hotmail account and wiped out all my Contacts? CNET has some more information and examples on their site.
It is not just limited to Hotmail, though; here is someone blogging about their own hack, which happened while using Googlemail.
To try to avoid your own web-based email getting hacked these are the two most important things you can do:
1) Pick a strong password. If you are with Hotmail you can do this by logging in with your email address and then going to Options > More Options > View and edit your personal information > Password reset information. There you will find a password checker which gives an idea of the strength of your password.
Non-Hotmail users, try visiting this blog, which is a fascinating read. Did you know 20% of passwords are so poor that even I could guess them!
e.g. 123, "password", your pet's name, your favourite football team, your city, your date of birth.
We all know that the longer the password the better, but just look at the table below: it puts it all beautifully into place, illustrating how long a password might take to crack depending on the number and style of the characters used. My own password is now 19 characters long, with characters, numbers and letters.
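To show where the numbers in a crack-time table like that come from, here is an added example (my own illustration, not code from the original post or from Hotmail's password checker). It computes the size of a password's character space as alphabet_size ^ length, converts that into a time to exhaust the space at an assumed guessing rate, and also checks a password against a short constructed list of the "123" / "password" style guesses mentioned above. The guessing rates and the common-password list are assumptions chosen for illustration, not measurements.

```python
"""Added example: brute-force time estimates and a simple password-strength check.

The guess rates below are illustrative assumptions, not measurements. An
attacker throttled by a web login form manages far fewer guesses per second
than one who holds a stolen copy of a password database.
"""
import math
import string

ONLINE_RATE = 100.0   # assumption: ~100 guesses/s against a login form
OFFLINE_RATE = 1e9    # assumption: ~1 billion guesses/s against stolen hashes

# Constructed sample of the "so poor even I could guess them" category.
COMMON_PASSWORDS = {
    "123", "123456", "password", "qwerty", "letmein", "arsenal", "liverpool",
}


def charset_size(password: str) -> int:
    """Size of the alphabet an attacker would have to search to cover this
    password, built from the standard character classes it actually uses."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 symbols
    known = string.ascii_letters + string.digits + string.punctuation
    if any(c not in known for c in password):
        size += 1  # spaces / other characters: count conservatively as one extra symbol
    return size


def keyspace(length: int, alphabet: int) -> int:
    """Number of candidate passwords of exactly this length over this alphabet."""
    return alphabet ** length


def seconds_to_exhaust(length: int, alphabet: int, rate: float) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return keyspace(length, alphabet) / rate


def human_time(seconds: float) -> str:
    """Render a duration in the largest unit that fits, e.g. '3.5 minutes'."""
    units = [("years", 365 * 24 * 3600), ("days", 86400),
             ("hours", 3600), ("minutes", 60), ("seconds", 1)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3f} seconds"


def assess(password: str, rate: float = OFFLINE_RATE) -> dict:
    """Rate a password: common-list hit, or bits of search space and a verdict."""
    if password.lower() in COMMON_PASSWORDS:
        return {"common": True, "bits": 0.0, "seconds": 0.0,
                "verdict": "on a common-password list; guessed immediately"}
    alphabet = charset_size(password)
    space = keyspace(len(password), alphabet)
    bits = math.log2(space)
    if bits < 40:
        verdict = "weak"
    elif bits < 64:
        verdict = "fair"
    else:
        verdict = "strong"
    return {"common": False, "alphabet": alphabet, "bits": round(bits, 1),
            "seconds": space / rate, "verdict": verdict}


def crack_time_table(lengths=(6, 8, 10, 12, 19), rate=OFFLINE_RATE):
    """Rows of (length, character style, time to exhaust) for a crack-time table."""
    styles = ((10, "digits only"), (26, "lowercase letters"),
              (62, "letters and digits"), (94, "letters, digits and symbols"))
    return [(n, label, human_time(seconds_to_exhaust(n, size, rate)))
            for n in lengths for size, label in styles]


if __name__ == "__main__":
    for length, style, when in crack_time_table():
        print(f"{length:>2} chars, {style:<28} {when}")
    for pw in ("password", "Arsenal1", "correct horse battery staple"):
        print(pw, "->", assess(pw))
```

The table the script prints is worst-case exhaustive search; a real attacker tries dictionary words and common patterns first, which is why the common-list check fires before any arithmetic is done.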
UPDATE: Oct 09. In the light of the recent Hotmail phishing incident, one thing it did allow was an analysis of the exposed passwords. Visit the Acunetix Web Security site for a list of the Top 20 most popular passwords and a breakdown of the password styles that were uncovered by this hack.
2) Run anti-spyware and virus-checker software regularly. This link lists an updated Top 5 of the current best anti-spyware packages. This is a great link for free anti-virus software.
3) Good advice from Google on how to steer clear of phishing traps, and maybe take the phishing IQ test over at SonicWall.
UPDATE: October 2009. Mashable are reporting 10,000 Hotmail addresses and passwords compromised last week, and here is a report on the same topic from the BBC.
UPDATE: January 2010. Good article over at lifehacker.com on password security.
UPDATE: March 2010. Funny list of the 500 most common passwords, displayed on one page over at Flickr (via TheNextWeb).
UPDATE: March 2010. Useful online tools for remembering your passwords.
UPDATE: August 2010. The newly revamped Hotmail site seems to have brought a slew of fresh Hotmail hijacks and spamming. Hotmail have got some help up there, though it took a while to find. Link to Hotmail help regarding latest Hotmail account hijacks and spamming. Hopefully some of you may find it useful.