Friday, July 31, 2009

Is a Hotmail account easy to claim, reset the password for, and effectively hijack?

Dormant Hotmail Accounts Easy Prey for Hackers

One of the most effective means of warding off spam messages and phishing scams is to create multiple, disposable e-mail addresses. Typically, one address should be for personal matters, such as correspondence with family and friends, and at least one should be used for paying bills, subscribing to online newsletters, registering for message board activities, and other such pursuits.

According to Download Squad, if one of those accounts is through Windows Live Hotmail, maintaining that address, and actively using it, is an absolute necessity. The Windows Live help files state that if the account goes unused for over 270 days (or if it isn't used during the first 10 days following activation), the account becomes inactive and all information contained within the account's files is deleted. If the account remains inactive for one year, the address is re-entered into circulation.

This means anyone can claim it, reset the password, and effectively hijack the account. Having done so, the hackers can pose as the original account holder and request other password resets in order to gain access to any service (bank account, bill pay) that was previously registered with the address.

Compromised e-mail accounts certainly aren't uncommon. They plague even professional techies: scammers recently employed similar techniques to take over personal accounts of Twitter employees. For protection against such hostile e-mail takeovers, regularly check all accounts so that none of them becomes dormant, and definitely take measures to fortify account passwords so that Web deviants can't easily gain access to personal information.
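The advice to keep accounts from going dormant can be run as a periodic check. The following is an added example, not part of the original post: it classifies each mailbox in a constructed inventory against the 270-day, 10-day and one-year thresholds quoted above and lists the services that rely on it for password resets. The inventory, the field names, the 30-day warning margin, and counting the year from the last sign-in are assumptions.

```python
from datetime import date

# Thresholds quoted from the Windows Live help files in the article.
ACTIVATION_GRACE_DAYS = 10    # must be used within 10 days of activation
DEACTIVATE_AFTER_DAYS = 270   # unused longer than this: contents deleted
RECYCLE_AFTER_DAYS = 365      # assumption: "one year" counted from last use
WARN_MARGIN_DAYS = 30         # hypothetical early-warning window

SEVERITY = ["ACTIVE", "WARN", "DEACTIVATED", "RECYCLABLE"]

def classify(acct, today):
    """Return the lifecycle state of one mailbox record."""
    never_used = acct["last_login"] is None
    idle = (today - (acct["last_login"] or acct["activated"])).days
    if idle >= RECYCLE_AFTER_DAYS:
        return "RECYCLABLE"   # address may be handed to a new owner
    if idle > DEACTIVATE_AFTER_DAYS:
        return "DEACTIVATED"
    if never_used and idle > ACTIVATION_GRACE_DAYS:
        return "DEACTIVATED"  # missed the first-use window
    if idle > DEACTIVATE_AFTER_DAYS - WARN_MARGIN_DAYS:
        return "WARN"         # sign in now to reset the clock
    return "ACTIVE"

def audit(inventory, today):
    """List (address, state, dependent services), worst state first."""
    findings = []
    for acct in inventory:
        state = classify(acct, today)
        if state != "ACTIVE":
            services = sorted(acct["recovery_for"])
            findings.append((acct["address"], state, services))
    findings.sort(key=lambda f: SEVERITY.index(f[1]), reverse=True)
    return findings

def _acct(address, activated, last_login, recovery_for):
    return {"address": address, "activated": activated,
            "last_login": last_login, "recovery_for": recovery_for}

# Constructed sample inventory (addresses and dates are made up).
TODAY = date(2009, 7, 31)
INVENTORY = [
    _acct("family@hotmail.example", date(2005, 3, 1), date(2009, 7, 20), []),
    _acct("bills@hotmail.example", date(2006, 1, 15), date(2008, 6, 1),
          ["bank", "bill pay"]),
    _acct("forums@hotmail.example", date(2007, 5, 1), date(2008, 10, 1),
          ["message board"]),
    _acct("news@hotmail.example", date(2008, 2, 1), date(2008, 11, 15),
          ["newsletter"]),
    _acct("spare@hotmail.example", date(2009, 7, 1), None, []),
]

if __name__ == "__main__":
    for address, state, services in audit(INVENTORY, TODAY):
        print(f"{state:<12}{address:<26}{', '.join(services) or '-'}")
```

Any address reported as DEACTIVATED or RECYCLABLE should be removed as the recovery address on the listed services before anything else is done with it.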

1 comment:

Anonymous said...

Great blog. I have been following for some time. Thanks and keep it up!