Hotmail Accounts Hacked, No Matter How Strong The Password

Major breach of Hotmail security allowed hackers to gain full access to any Hotmail account, regardless of the password strength. Whilst researching yesterday’s article on Mac malware I read a new tweet from the Microsoft Security Response team which stated: “On Friday we addressed a reset function incident to help protect Hotmail customers, no action needed”.

Seems inoffensive enough? It was in fact related to a major breach of Hotmail security which allowed hackers to access any Hotmail account – no matter how strong the password :-( A hacker was even offering to crack any Hotmail account within a minute for $20 – and did so, according to a report by H-Online.

Recent Hotmail Security Breach – hackers didn’t need to try and guess the user’s Hotmail password – they just reset it to a new one… The method used was simple but effective. Security analysts explained: “The vulnerability allows an attacker to reset the Hotmail/MSN password with attacker chosen values.

This major security loophole was notified to Microsoft on April 6th and a fix was put in place on April 21st but that is at least 2 weeks of breathing space for hackers to exploit this vulnerability and target Hotmail accounts.

Note: if you have come to this page after trying to volunteer with Distributed Proofreaders ( please read the explanation at the bottom of this article!

What Can You Do To Protect Your Account? This gaping security loophole has now been closed by Microsoft so, in a sense, they are correct to say ‘no action needed’ – as it did not require guessing passwords, even the strongest password was no defense.

However, most cases of Hotmail (and other email providers) hacking are due to guessing the right password so there are some precautions you can take – these apply to all types of accounts you use on the internet – email or otherwise:

1. Choose strong passwords – an ideal password is long and has a mix of upper (capital) and lower case (small) letters, punctuation, symbols, and numbers. Whenever possible, use at least 14 characters or more.

A quick way to test the strength of a single password is to use the Password Meter website which I reviewed here. Another useful tool to check all of your existing passwords (associated with an email address or website logon) in one go is Password Security Scanner – see at a glance which of your current passwords have a good or weak ‘strength’ score – I reviewed it here.

2. Never reuse the same password for more than one account – if one is compromised there is an increased risk that your accounts

3. Move to services with a better security record or which offer additional security checks e.g. Gmail offers 2 step authentication (not on by default, you have to set it up) – as well as the password you have a unique PIN code to access your Google account which makes hacking much more difficult. See the official instructions from Google here.


If you are unsure whether your Hotmail account might have been hacked (Microsoft won’t say how many were affected), try to log in with your usual password. As this hack involved changing (resetting) your password, if you can still log in you then weren’t affected by it.

If your password is not recognized there is a chance that your account was indeed hacked (although there could be other reasons e.g. you forgot the right password) – see Microsoft’s help page for what to do if your Hotmail account was hacked.

This story highlights the fact that there are no cast iron guarantees of security from any type of email or internet account – hackers continue to use ever more inventive ways to find and exploit security loopholes.

Volunteers at Distributed Proofreaders (

We here at Techlogon have no connection at all with the Distributed Proofreaders website. The reason you may have been directed to this article is simply because they have linked to it (without our knowledge) if you tried to use a hotmail account to sign up to volunteer with them…

Here is their account registration page with an example of a failed Hotmail signup:


Example of a failed Hotmail signup

As you can see, if you try to use a Hotmail email address you receive the message “Domain temporarily rejected. Too many compromised accounts. Humans please read this article.

This means they reject Hotmail addresses as they think they are insecure (get hacked too often).

Their ‘this article’ link brought you directly to our website (presumably they liked our way of writing!) for some discussion of Hotmail but their security policy has nothing to do with us here at Techlogon – we cannot help you with that.

Please go back to the Proofreaders website and either ask them to change their security policy or (probably easier) just use a different email address to sign up with them…

Hope that is of some help. Of course if you would like to browse our website whilst you’re here we hope you find it helpful – and we have no problem with people using hotmail to comment with us ;-)

32 Responses to: "Hotmail Accounts Hacked, No Matter How Strong The Password"

  1. Horus says:

    Someone has hacked into my hotmail email account and spam to everyone in my Hotmail contacts list. Hotmail has since suspended my account.

    • DGM says:

      Same thing happened to me today, July1, 2012. I was able to change my password and reactivate my account, but it is spooky.

      I guess nothing is really safe after all. I already knew this at an intellectual level, it’s just the first time I have had anything like this happen. I have changed all my online passwords just in case.

      • Roy says:

        Good move – different passwords for each service (and making them strong) is the best way to avoid being hacked

    • Donna says:

      Three days ago my hotmail account was hacked for the second time. And, it affected my family. We installed all the security we could find, but still got hacked. This is the end of the road for us and hotmail. I wish there was some way of finding who is doing this, and of pressing charges!

    • James says:

      My and my wife Hotmail (outlook) accounts were hacked on Dec 20 2012. Password was changed, we could not accessed our accounts. Our password is strong. At 1st we did not know they were hacked, because it said “your account is currently no available, try later”. After waiting for 6-7 hours, i called the Hotmail help line. The person was very helpful, saying that a hacker with IP address in Germany hacked into our accounts – possibly to gain info for financial gains. To gain back the access, we paid US$ 130 for the service. It seems that the hacker could by-pass the strongest PW or security and embedded a program in our computer to monitor the keystrokes as we typed. It seems that “copy and paste” the PW would help, especially for on-line banking.. It is scary.

      • Roy says:

        If password was strong then more likely that you got a keylogger (like a virus) first which then passed your login details to the hacker. Copy/paste the password (or use onscreen keyboard) would avoid (as no key presses to log) but a keylogger could grab other passwords too so it was very important to remove it.

        Afaik MS do not offer telephone help line for Hotmail? If you used a 3rd party company then you should do a full check of your pc using a good antivirus (Kaspersky Internet Security is our favorite, has a 1 month trial and includes an onscreen keyboard and Safe Money feature – like a sandbox for secure sites) in case they didn’t remove all the malware

  2. Richard says:

    I also had my account hacked, I use my ipad to view my emails, was really surprised to find loads of bounced email in my inbox! I had a strong password as well, I just hope that I did not miss any important data.

    • Dave says:

      My hotmail account was hacked 7/3/12, recovered it but am unable to get it out of Arabic and stop all emails being forworded to the hacker. The hackers email is […] or at least that is where all my email is being forword. I cannot change any of the settings because the hack has eliminated the “save” button when it comes to changing the language and forwording. I need help because microsoft is dragging its feet.

  3. MJJ says:

    Mine 15yo hotmail with strong p/w was hacked for the first time 6/28. I was able to recover my account and change p/w and security questions. The 10 messages in my sent items each went to 10 unique email addresses some of which came from inbox messages (not in my addr. book). Each message contained a link to a different compromised WordPress web site (evidenced ‘/wp-content/’ in the path). Two different Yahoo email recipients of my messages had their accounts hacked several days later. One confirmed they clicked on the embedded link, the other confirmed they did not, so not sure what to make of that.

  4. Stacey says:

    I’m confused. The above article speaks of a hacking involving the changing of your password. My Hotmail account has been hacked constantly and my password has never been changed by the hacker. I always can sign in. every time I sign in I have grip loads of bounced Email in my inbox. someone is using my account to spam not only my contacts but many unkown others as well. I change my password constantly…it makes no difference.
    This has been going on for MONTHS! I’m sick of it and will no longer have anything to do with MSN, Hotmail or Live. Clearly they don’t care at all.

    • Ferro says:

      Hi Stacey it looks like you may have a keylogger on your pc, check your pc for virus and spyware. Try run few different antivirus programs( AVG, Avast, Panda, Kaspersky…) and anti-malware programs( Malwarebytes it got free trial,…) so you can be sure your pc is safe. And after that change your password on email account. It should help. And always use different password for each account( MSN, Hotmail, FB, etc).

  5. maureen says:

    my address book is full but i deleted everyone and dont know anyone in that address book dont know what to do help

  6. saima says:

    My hotmail account … has been hacked. My secret question, mobile number and all information changed. Now how to secure??? The email address for recovery is … which is not my email address.

  7. Pia Cook says:

    A hacker got hold of my password. He sent e-mails to addresses taken from my list in the computer. I warned some of them. It appears like a “snowball effect.” He starts with :” I recommend the following site:” by adding a http:// address, but changing it, when sending the e-mail to the same person again. ” Zone Alarm Security”, “Google-Mozilla Firefox” were then installed.

  8. Kay says:

    Yep, I’ve been hacked. A really old email address with a lot of personal stuff saved in folders. What an idiot. Me I mean, not the hacker. Why oh why did I trust MS with my life? They have a terrible rep when it comes to security, and they’ve not helped themselves in making it super easy for even the novice hacker to reset customer passwords. Every time I go to their reset p/w page, I get a reply saying unable to verify you are the account holder. Wow really? What, you mean the hackers got in and changed everything? MS don’t seem to have considered even this most basic of possibilities, and they tell me they can’t let me in to my account now as they care about my security, oh the irony. I am leaving them and their dubious services for the slightly more pricey, but highly more desirable and dependable services of the beautiful, sleek Apple, and my very well protected and looked-after ‘work’ email. This is the start of the decline of MS. RIP.

  9. amrani says:

    plz help me to get my msn back

  10. Jim says:

    I used to use Hotmail but moved to Gmail for better security as it offers 2 step authentication, an additional security measure

  11. P.Molenaar says:

    OK, nice to know you don’t trust me because of my hotmail-account.
    Now what? I have not experienced any hacking problems, my passwords are strong and I have about 40 years experience (starting with sealink).
    So how do I get aboard?


  12. ashoka acharya says:


    I have had a hotmail account for over 15 years. I have not been hacked.

    Is there any other solution?

  13. WTH says:

    You don’t accept people with Hotmail accounts because of a hack over two years ago? With such standards, how can you operate in the Internet all?

    • Roy says:

      @WTH – sorry but I don’t understand what you mean by “You don’t accept people”? To do what? I don’t block hotmail users from commenting on or subscribing to this website – can you say what you think isn’t being accepted please?

  14. Angie says:

    I go to volunteer and am told my help is unwanted because the email service i use was hacked at some point? bizarre, but okay , then.

    • Roy says:

      @Angie – sorry but I don’t understand what you mean by “go to volunteer”? Volunteer – on this website? I don’t block hotmail users from commenting on or subscribing to this website – can you say what you’re trying to do please?

  15. gowri says:

    I also tried to register as a volunteer but was rejected – now I’m guessing it’s because I gave a Hotmail address?

    • Roy says:

      @Gowri – we don’t block hotmail users from commenting on or subscribing to this website. Perhaps whatever site you’re trying to volunteer on doesn’t accept Hotmail accounts…