
I've been hacked - - help! - Microsoft support appalling and I don't understand why the hacker is doing what they're doing

2 replies

Juicecharger · 14/12/2024 17:41

Hi. I've been hacked. Yesterday evening, I got multiple messages on my Hotmail account saying that my password had changed for multiple sites: LinkedIn, Nike, Etsy and lots of shops etc. that I've only used once or twice. I then saw that they'd changed the login details on the email address (Yahoo) I used to recover my main email address (Hotmail). I managed to quickly change my login details for Yahoo but not before they'd got into my Hotmail account, which I'm now locked out of.

For the Yahoo hack, I was able to speak to an actual person and we got it sorted. For Hotmail, I found a number for Microsoft but it was just a bot which told me that if my account had been hacked I had to do it all online. I tried to do this but to verify who I am I have to answer loads of questions, a lot of which I can't answer, e.g. when did you pay to use Skype. No idea - sometime during the pandemic. Give me the device number of the Xbox you use - I put that in but it wouldn't accept it even though it was correct. I bumbled my way through the questions as best as I could and they then said they would get back to me in 24 hours (!!!) to let me know if I'd answered enough questions correctly. My concern is what happens if I haven't? Am I locked out of my account forever? I just can't believe a company like Microsoft would not have any live help. Does anyone know if this exists?

The other thing I don't understand is the hacker's intention. Why would he/she/it be going on to sites where I pay for services? Is it in case I have got my bank card on them for future purchases that they can then access?

Finally, does anyone know where I can access professional help with this? Someone told me to call the police, which I did, but they said the cyber fraud department only works Monday to Friday (unbelievable) and all the cyber security companies I've found online only have a handful of reviews, which doesn't inspire confidence/trust. Any advice gratefully received as I'm totally out of my depth here.

OnlyFoolsCats · 14/12/2024 18:03

You have an idea of the websites that you've made purchases through or use on a regular basis. In the meantime, whilst you go through the Hotmail process, start resetting your password on all of these:

Online banking
Social media sites
eBay/Etsy/online shopping places
PayPal/Worldpay/Shop/Klarna
Amazon
Netflix/TV subscriptions
NHS logins
Ring camera
Subscription services

When you set the new password up, also set up 2FA/MFA on all of these accounts. You'll need to download an Authenticator app like Microsoft Authenticator, Duo etc.

There is a risk that they use your login details to make purchases on credit etc.

Dbank · 15/12/2024 12:21

Sorry to hear your news.

To recap, in case I have misunderstood, you have two email accounts (on Hotmail and Yahoo domains), both appear to have had their passwords changed so you no longer have access to the accounts, and are therefore unable to reset the credentials of any associated websites / services. This appears to have been a deliberate act as some of the websites / services have already been changed by a presumed “bad actor”.

I suggest the following steps.

  1. Inform your bank that you have been compromised.
  2. Cancel and replace all debit / credit cards.
  3. If you have any accounts / services linked directly to your bank account (rather than a card), attempt to disconnect them, either via your bank or via the site if you can still log in.
  4. Consider that if the bad actor has control of your email accounts, they can probably reset the credentials on any website / service that uses them, especially if 2FA has not been enabled on the website / service.
  5. Consider registering your own domain, and create your own email accounts, as it makes it less likely to be compromised in many scenarios, and gives you greater control (i.e. you personally own the domain).
  6. If you still have access to any accounts, attempt to enable 2FA immediately, e.g. iCloud, OneDrive etc. (although they may require that you authorise via email, which you will not be able to do).
  7. Change any websites / services that use your compromised accounts to a new email account (if you can).
  8. Consider how the bad actor gained access to your email accounts (i.e. easy guess, untrustworthy person, shared password that has been compromised, etc.), as this may provide a clue to other vulnerabilities you may have.
  9. Optionally search https://haveibeenpwned.com to see if your email or password has been part of a wider data breach.

Good luck recovering the compromised accounts.
