As a direct result of a phishing scheme, the credentials for approximately 20,000 Windows Live Hotmail accounts have been leaked in the wild, and published on the Pastebin website. The leak was made public at the start of this week, and confirmed officially by Microsoft. This means that approximately 20,000 Windows Live Hotmail users virtually handed over their sensitive data, including usernames and passwords, to attackers who tricked them via social engineering. There is of course a way for victims of the Windows Live Hotmail phishing scheme to reclaim their accounts.
First off, it’s a good idea to verify whether the password for your personal Windows Live Hotmail account has indeed been leaked. Rafael Rivera from WithinWindows has put together an online tool designed to let users check their email address and see whether they are among the phishing victims whose account data has been leaked.
If an email address is confirmed as leaked, the best thing to do is to act quickly. If you still have access to your Windows Live Hotmail account “then you should change your password and other information right away by accessing the following links: Change Your Password, Update/Change your Secret Answer, Update/Change your alternate e-mail. If you no longer have access to your account, you may want to try the suggestions found on our Password Reset Basics page. This will walk you through some basic password reset items that may assist you in getting access back to your account,” Microsoft informed.
The first step to take is to change the password, secret answer and alternate email of your hijacked account. Make sure that you are the only one who knows the new information, and don’t, under any circumstances, share the data with anyone. Don’t give away your password to anyone, even if the request appears to come from Microsoft itself.
If you can no longer access your account, attempt to reset the password, and if this also fails, then there’s the Windows Live ID Validation webpage, as the last resort you can try. “There is also a Windows Live Validation Page that we have set up to attempt to validate ownership of an account in cases where the Password Reset Basic steps do not work. The Windows Live ID Validation Page was created to ask key questions about your account (only you would be able to provide to us) when you created or updated your account. The more information you provide to us, the better for our Support Agents to validate your identity. We will not provide you a verification to what answers you have gotten correct or what answers you provided that were incorrect. This is for everyone's security and privacy,” Microsoft noted.
At the same time you have to be prepared for the scenario in which Microsoft will simply not be able to help you. The Redmond company will work to help you reclaim your hijacked account only if you manage to provide sufficient correct information to identify you as the rightful owner of that specific account.
“Here are some key items that will prevent us from assisting in resetting a password would be:
1. You did not provide accurate information upon creation.
2. You did not provide any information upon creation.
3. You are unable to remember any detail on your account.
4. The information on the account does not match what you have provided.
5. You did not provide enough information to validate ownership.
   a. Before completing the validation page, you should try to provide as much information before submitting.
   b. Name and email address is never enough for validation purposes,” Microsoft explained.