Hotmail Usernames & Passwords Leak

(Tip: Everyone should look into their email filters, use a password manager and change their passwords often.)

"Back in April, hackers have dumped a mind-boggling 3.2 billion Gmail, Hotmail, Netflix, and LinkedIn usernames and passwords on the dark web. This hack was officially called Breachcomp2.0. Cybersecurity experts dubbed the record-setting data breach “the mother of all leaks.”" -- Greg Jameson

Articles you may want to take a look at:

• Cyber Pandemic is here – Largest data leak ever – change your passwords now!
• Your email and password were probably posted online in the mother of all data leaks
• Largest collection of passwords ever has been leaked online
• More than 20,000 U.S. organizations compromised through Microsoft flaw

How to Check if your Hotmail or Outlook was Compromised

Microsoft allows Hotmail and Outlook users the ability to check any recent activity with their account. Open your browser and go to:  https://login.live.com/   You will be prompted to Sign in to your Microsoft (Hotmail or Outlook) Account.

You will then be redirected to https://account.microsoft.com/. Scroll down a bit to reveal Activity history under the Privacy section.        

You will then have to Verify your identity before you continue. (Depending on how you have your security settings setup.)

You should see the Privacy Dashboard. Here you can manage your account activity data. You can click the drop-down arrow for each category to get additional information on that topic.

Click the Security tab across the top (between Privacy and Rewards). To look at the Sign in activity click the link View my activity in the first box.

You will see a page called See when and where you've used your account. You should recognize each of the logins or attempted logins under the Recent activity section. I can see attempts where someone tried to get into my Hotmail account. 9 hours ago someone attempted to sync my Hotmail account from a Peru IP address. 14 hours ago someone had an Unsuccessful sin-in from a United States IP address. On 6/21/2021 at 2:47 AM there was another Unsuccessful sin-in from the United States and on 6/20/2021 at 2:50 PM there was another Unsuccessful sin-in from Pakistan.

Click the arrow on on the left to a location you don't recognize. As you can see below, there was five unsuccessful attempts from multiple IP addresses and locations. More than likely someone is using a VPN or Tor network to hide their true IP address. If not, then my account was attempted to be synced at six different locations: Peru, India, Russia, Thailand, Bosnia and Herzegovina. I recommend that you click the Secure your account under the Look unfamiliar? section.

Below are two more examples of someone trying to log into my Hotmail account using a Chrome browser on a MS Windows platform. On 6/21/2021 at 2:47 AM someone from New York tried to get into my account. On 6/20/2021 at 2:50 PM someone from Pakistan tried getting into my account. Luckily for me, I had changed my password and they couldn't get in.

You can click the View more account activity link in the lower left corner to view more logins or login attempts. Microsoft will keep a record of the last 30 days of account activity.

I was prepared for the Hotmail and Outlook username and password leak because my Gmail & Amazon account was leaked online.

These security leaks should not be ignored. We have been exposed so many to scammers telling us that our account was compromised that when it really is compromised we either don't believe it or we would rather wait and deal with it later. Scammers try to trick you into getting you to give up your personal information, while hackers use hacking tools to collect your information without your knowledge. Hackers know where to look for security breaches and they collect the data and sell it online and on the dark web.

If you use Windows 10 and you have your Hotmail or Outlook account link to it then you should change your password immediately. Windows 10 will usually Freeze up when it detects unusual activity on the account linked to it. 

Click the Security tab at the top and then click the Change my password under the Password security tab. You can then change your password for your account. DO NOT save the new password in your browser.

Next, click the Get Started link under Advanced security options to make your account more secure. Here you can change your password and/or change the way to sign in or verify you are the owner of the account. Look in the section Email a code and make sure you use an email account that you know hasn't been compromised. Remove any email addresses you don't recognize.

I then recommend that you click the Microsoft account link in the upper left corner to view the eight boxes or speed dials. I recommend that you remove any debit cards or credit cards in the Payment & billing section. Also, look at the devices you have connected to your account under the Devices section. Then go through each section to make sure your account hasn't been tampered with.

Next Login Your Hotmail or Outlook Account (Check Your Filters)

Now, login your Hotmail or Outlook account and click the gear icon in the upper right corner.

Click the View all Outlook settings link on the bottom right corner.

Click the General setting on the left and then Mobile devices to reveal the mobile devices connected to your account. I have three mobile devices connected to my account and I have only used the ChatService and UniversalOutlook, so one of the UniversalOutlook has tried to access and synchronize to my Hotmail account.

Hover your mouse pointer over the devices and click on the Edit button to view more information about the connected device.

You can see that an Outlook client on a Desktop system tried to gain access to my Hotmail account, but an Access denied occurred. I am so thankful that I had changed my password. Click the OK button to close the dialog box.

Hover over the device you want to remove and click the Delete icon.

I deleted the unrecognized UniversalOutlook and the ChatService. I used the chat feature before, but I removed it because I don't use it often.

Before you exit Settings click on the Mail option on the left and then on Junk email. Make sure that no one has created a filter that will block emails from places you purchase online and from your bank. If you see a filter or blocked address that you didn't add then your Hotmail account has been compromised. Remove any addresses in the list that you didn't add.

Next, click on Rules and remove any rules that you didn't create. Usually, a compromised email will have a rule or many rules setup to hide things from the actual Hotmail user.

Next, click Message handling and check for options that you normally wouldn't use. A compromised account sometimes have a check next to "Always keep items unread unless I explicitly mark them as read." This lets the intruder read your emails without marking them as read.

Next, click Forwarding and check to see if someone enabled the option Enable forwarding and added an email address. Then close the Settings dialog box by clicking the X in the upper right corner. 

Now select the Archive folder on the left. Make sure that you don't have any messages sent to your Archive folder that you didn't know about. I also recommend that you look through your Sent folder to make sure that no one used your Hotmail to send messages to your family, friends, and work colleagues.

You can now go through the rest of your Hotmail settings to make sure they haven't been changed or modified by someone else. Your Hotmail account should now be safe to use.

Here's are some links to the recommended Microsoft Edge extensions that will help keep you safe online:
    Bitwarden - Free Password Manager
    uBlock Origin
    Poper Blocker
    Privacy Badger
    HTTPS Everywhere

---

Remove Internet Explorer (IE)

If you are a Microsoft Windows user then I highly recommend that you remove Internet Explorer (IE) from your system. Even if you do not use IE it can still harm your system. Some may not even realize that they have IE on their Windows 10 system.

Articles you may want to take a look at:
   Exploit Details Emerge for Unpatched Microsoft Bug
   Internet Explorer Just Became A Silent But Serious Threat To Every Windows User
   Microsoft Fixes IE 0-Day Used In Attacks On Researchers

If you are a Windows 10 user and decide that you want to remove IE from your system then follow the illustrated instructions from How to Uninstall Internet Explorer in Windows 10. However, make sure that you do not use any legacy webpages or software that rely on IE. If you do, then I highly recommend that you remove any saved passwords in IE.

To delete individual passwords in IE:

1. Open the Tools menu.
   
2. Select Internet Options.
   
3. Click Content.
   
4. Under AutoComplete, click Settings.
   
5. Click on Manage Passwords
   
6. Click on the Web Credentials Manager
   
7. Click on the drop down arrow by the web site you want to remove the password.
   
8. Click on Remove.
   

To delete all saved passwords in IE:

1. Open the Tools menu.
   
2. Select Internet Options.
   
3. Click Content.
   
4. Under AutoComplete, click Settings.
   
5. Click Delete AutoComplete history…
   

To prevent AutoComplete in the future, make sure AutoComplete is deselected for User names and passwords on forms, and then click on OK.

Also, make sure to remove any connection between another account within IE. Open IE and then enter:
https://login.microsoftonline.com/logout.srf. This will force a logout to completely log everyone logged into the current or active account.

Then open your Internet Options within IE and click on the Connections tab. Make sure that no one has changed or altered your settings.

Next, click the Security tab within the Internet Options dialog box. Select each zone across the top one at a time to make sure no one changed or altered your settings. Please make sure that you check the Trusted sites to make sure that a harmful website isn't placed in your trusted sites list. Also, check Restricted sites to ensure that a trusted site you normally visit isn't placed on the restricted list. You may also click the huge button called Reset all zones to default level to put all your security zones back to their default settings. Click the Apply button if you make any changes.

Reset Internet Explorer settings

If your IE was compromised then you might want to reset your settings back to the original settings when it was first installed.

  1. Open Internet Explorer, select Tools  > Internet options.
  2. Select the Advanced tab.
  3. In the Reset Internet Explorer Settings dialog box, select Reset.
  4. In the box, Are you sure you want to reset all Internet Explorer settings?, select Reset.
  5. When Internet Explorer finishes applying default settings, select Close, and then select OK.
  6. Restart your PC to apply changes.

In the Reset Internet Explorer Settings dialog box, select Reset.

In the box, Are you sure you want to reset all Internet Explorer settings?, select Reset.

Select Close

Then select OK

On May 19, 2021 Microsoft announced that it would finally retire Internet Explorer on June 15, 2022. Healthcare, manufacturing, and local government are the main sectors that still have Internet Explorer on their computers.

---

Other Microsoft Related Attacks:

   Nobelium Attackers Compromised Microsoft Customer Support Agent
   Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks

---

I hope your Hotmail or Outlook account wasn't compromised, but if it was, I hope you were able to regain control of it and secure it.

Please share this with others to make sure their Hotmail and Outlook account is secure.

June 28, 2021

Home