My Microsoft Live.com account got hacked

Quartz-1

Subject says it all, really. I got an email from MS advising me of an email address change. Needless to say I have not changed my email address. So I've changed it back and changed my password and am running the usual scans on my PC.

Grrr...
 
I had one of those earlier in the week that stated there was suspicious activity from the Microsoft live account from Venezuela. I ended up adding the 2 step authentication they recommended.
 
No offense, but unless you share what happened, as in the infection, or the events to look out for, this is just not an informative thread and will not prevent others from having this happen.

Thanks for letting us know that someone screwed you, hope no damage was done. It sucks there are so many assholes out there that just can't be honest with their lives and have to F other people over continuously.
 
You can get Avast Business for free to huck on PC/Server/Mac. Cloud managed as well, can lock it down and set it to hardened mode. With Hardened mode you need to disable AV to install apps.
 
No offense, but unless you share what happened, as in the infection, or the events to look out for, this is just not an informative thread and will not prevent others from having this happen.

If I had information on how it happened, or more information on what happened, I would have shared it.

What I will say is that I cannot enable two factor authentication on the account as that prevents Anywhere Access.
 
If I had information on how it happened, or more information on what happened, I would have shared it.

What I will say is that I cannot enable two factor authentication on the account as that prevents Anywhere Access.

What events do you see in Event Viewer for the failed login attempt? I'd expect to see something server-side that says why (authentication type?). I had played briefly with NAP and used the event ID to determine why it was not happy. You might have to set something up on the Anywhere Access (GPO or policy) to say "use this type of auth". I'd wonder, too, if the auth type needs to be changed or updated in IIS.
 
Are you sure that your computer is actually infected? You probably just used a bad password and/or the same password on multiple sites, one of which likely suffered a data breach.
 
Are you sure that your computer is actually infected?

I'm fairly sure my computer is not infected. Malwarebytes hasn't picked up anything.

You probably just used a bad password and/or the same password on multiple sites, one of which likely suffered a data breach.

The username & password were unique to my MS account.

I'm guessing they noticed what appeared to be an unused Skype account.
 
What events do you see in Event Viewer for the failed login attempt? I'd expect to see something server-side that says why (authentication type?).

There was nothing in the event logs about it. Nothing at all.
 
Wow. Anything client-side for it? If there's nothing server-side I'd question its hitting it.
 
The client was the WSE box. All I got was a message saying that the credentials were incorrect.

But my WSE 2012 box uses that account for registering the domain for Anywhere Access and threw up an error. When I try to repair Anywhere Access to enter the updated password, I get an error 'The password for your domain name service provider user account is not correct', and when I click on 'Retype my password' and enter my credentials in the box titled 'Domain Name Credentials', I get an error with the text 'Your user name or password is not valid. Retype your user name and password'.
 