Jump to content

Should I be concerned?


Recommended Posts

I was updating my Hotmail security information, when I noticed the area for recent login activity, and I noticed going back to last month on the 10, their have been 2 attempts to log in to my Hotmail almost daily, the seemed to have stopped by the 18 then started up again yesterday , they all failed with wrong password,



My question is their anything I should be doing,

Link to post
Share on other sites

Then you can presume that it is more or less a probing attack.  A preemptive action would be to change your password making sure it is a Strong Password.

I would say my passwords are pretty strong, keep them at the character limit for the sites, and they all different, what I don't get is why they would continue to probe for months, on top of that even if they somehow where able to guess my password, they still wouldn't be able to get in.

Link to post
Share on other sites

100% agreed - I love KeePass.

 

I have around 1400 myself, but I also include product keys, SSL certificates (since you can attach actual files into the database), configuration files, exported .reg entries, and numerous other things.

 

My entire (now defunct) M$ Technet product key listing is in there....every key I ever redeemed through TechNet, and I joined when there were still 10 licenses per product (other than Terminal Services products)....

 

Using plugins, you can even setup TOTP (Time-based One Time passwords) which is the basis for more than a few TFA (Two Factor Authentication), plus plugins for many other purposes - my favorite one is the favicon downloader, which allows you to download the website's favicon if you add a URL to a particular entry (not 100% perfect, but works for about 90% of my entries).

 

OK, off my KP soapbox lol...

 

As to the probing attempts, since it is not you, yeah, I'd keep a close eye on you account - if it happens twice a day like clockwork, and shows from all different locations, sounds like a bot -net trying to hack your account, and only twice a day means that it is probably set so that it does not set off the account lockout procedure.

Link to post
Share on other sites

even if they get the correct password, it requires a second password be typed in, that is sent to my cell, I would know instantly something was up if I got that.

 

 

Also, what is really weird is if you click on the failed attempt in the recent activity, it lists the ip address as well as device type and browser app type, the weird part being the device type is listed as unknown and so is the browser/app.

Link to post
Share on other sites

Yes, it is most likely an attempt to hijack an email account so that it can attempt to glean information on the account owner to attempt to hijack their PC and make it a part of hte bot-net, as well as an attempt to self-propagate the bot-net by sending infected emails to everyone in your contact list.

 

As for device and browser type being unknown, not really surprising, as it is more than likely a generated script that is being run automatically (or on a schedule) in not only your but potentially thousands of other email addresses worldwide.

 

And I regularly check for my attempts on all my accounts as well - and I do not have anything like this on any of my accounts.

Link to post
Share on other sites

I check my other accounts for that stuff regularly as well, but I just learned that hotmail has this, I will point out about 7 years ago my computer got infected and this email address was used to send spam, I found out in seconds of the emails going out that it was happening, and unplugged the computer from the net, and went on a clean one and changed passwords, then formatted the computer,

Link to post
Share on other sites

I have a hotmail account that I use for message boards and such--an account I can delete if I need to.  This thread got me checking, and I see that there have been three failed attempts to log into my hotmail e-mail account.  One was from Venezuela, one from Argentina, and one from the west coast in the U.S.  Like you, Fivealive, the ip addresses were listed but device and browser unknown. My laptop is trusted so it doesn't require the 2 step verification, but my other devices do.  

 

Quite troubling, really.  I mean, the attempts were unsuccessful and my password is so random as to be very difficult, if not impossible, to guess.  But still...I am really sick of all the cyber crime crap. 

Link to post
Share on other sites

No, that is their modus operandi.  They will continue to do so, using brute force attacks, until they get in - and think about it - they are limited to doing 2 attacks per day on your system - and if each attack takes, on average, 50  milliseconds to execute and another 50 milliseconds to get a response, then both attacks take 200 milliseconds. that allows them to attack 432000 email addresses per day.  And if that is one machine conducting all of those attacks, and you have 1000 machines running on the bot-net, then you have 432000000 email address attacks that can be performed each day.

Link to post
Share on other sites

I'm not trying to hijack this thread, but I looked up the three failed login attempts on my hotmail account at AbuseIPDB dot com.  One of the failed attempts came from Microsoft!  This website said the IP address I was checking was from a 'trusted hosting ISP' and could not be reported.  That was the U.S. IP.  I reported the 2 South American IP's, and I am the first person to do so.  

 

Hotmail doesn't seem to allow for reporting unless the hacker actually succeeds in logging in, then there is a 'not you?' button you can click in that case.  

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.