Friday, August 27, 2010

Your Hotmail is H@cK3d

There seems to be an epidemic going on. I'm getting spam email from friends linking me to websites on v1agra, s3x enhancements, and all sorts of other spam worthy products. In the past week or two, I have seen 3 Hotmail accounts from friends get hacked. The final straw was one night when I was at my desk - Julia was in bed and I got a mass spam email from her Hotmail account (freshly hacked)!

This is not the first time I have seen Hotmail accounts get compromised so someone can send out link spam to the entire address book. Is the problem the security of the Hotmail account itself, or is it the lack of security precautions taken by Hotmail users?

I have never liked Hotmail as an email service, as I have known it to be unreliable at times and very easy to compromise. Take, for example, the "forgot password" security questions they offer in case you forget your password. They tend to be very simple questions like "What was the name of your first pet?". So even though you have a very beefy secure password of "hWbkj5@g", it is easy for someone to figure out that "Rover" is the answer to your security question - and thus gain access to your account through the backdoor (so to speak).

Someone who knows you well but has malicious intent may easily be able to figure out your first pet's name, and thus gain access to your account - even though your password is uber secure! Another possibility is that a hacker with intent to send out link spam to your entire address book can easily program a script that will try thousands of possible pet names, quite possibly coming up with yours. In reality, how difficult are the pet names we usually choose?

One of the better options, if it is offered by your service, is to allow the password reset instructions to be text messaged to your cellular phone. You are usually the only person carrying your cell phone, and if someone does try to hack your account - you will know becuase you are getting the text messages. (gmail offers this)

This largely seems to be a problem with Hotmail. I rarely, if ever, get spam link emails sent to someone's entire address book from friends on Gmail, Yahoo, or any other email service. I know it is hard to change your email address, but if you are using Hotmail - I'd highly recommend switching to another service.