My Outlook/Hotmail Account Has Been Hacked Twice

Hi,

My email (Microsoft/Hotmail/Outlook) keeps getting hacked.

Twice in the last 2 weeks.

They leave threatening draft emails in my inbox (see here), which lay out what they have done.

The first time, they used my email to get into my AliExpress account and ordered a USB thumb drive to be sent to Poland (at a really bad price). The weird thing was that they filed "item not received" disputes on all my recent orders (8 orders), for which I got refunds.

They changed my AliExpress password and login details (email address as well), so it was a bit of work to change all that back.

Then, an hour ago, I discovered my email had been hacked again (I got multiple phone notifications of 2FA code requests).

And they posted a second threatening draft email.

This time the hacker used my email address to attempt to get into my eBay account; eBay security detected weird activity and shut it down.
They also attempted to access my Netflix.

I've added 2FA to my email address
and to my eBay account,
and obviously changed the passwords.

Is there anything else I should do?

I just ran Malwarebytes and it found 3 threats on my PC, which have been quarantined.

It also showed data breaches of the sites where I had registered/logged in with my email address, most recently Malindoair on 5 September 2025.

Question: was this just the result of a brute force password attack? Or is it too hard to tell?

P.S. Sorry for the rambling post; it's 4:15 in the morning.

Comments

  • +10

    Sorry to hear that; it's really unsettling when it happens. Here are some very basic things you should do (IMO):

    1. Get a password manager.
    2. Change all your passwords to unique, random characters (the password manager will automatically generate these).
    3. (While you're in there changing passwords) Set up 2FA on every account that lets you.
    4. Go into your Microsoft and Google account settings and remove all logged-in devices.

    You can go down the path of setting up Authenticator apps as well, but just start by cleaning up your leaked password situation first

    • +8

      Should add: do these on a device that is not already compromised.

  • +4

    What's your password, I'll login and take a look for you?

    • +1

      It's 'password' dummy, everyone knows that! :)

      • +1

        Too short. I have updated it for you for 2025: Password.420

        • Nice! :)

        • not password2025?

          • @McMaferMur: Lol. No uppercase character and no special character. Password.2025? Also, some companies enforce a monthly password rotation, so maybe Password.92025?

    • +3

      hunter2

      • +3

        I just see *******

  • +2

    Was your ozbargain account hacked too?

    • It wasn't

  • +8

    As a last resort, OP, add an alias to your email and make it the main one, then disable or delete your old email. Microsoft has issues with changing emails, but you can try on their website.

    The steps are:

    1. Go to My Microsoft Account
    2. Find "Your Info"
    3. Press "Edit account info"
    4. Add your alias email and make it primary. *You won't lose your old email, but it will no longer be the default, so proceed with caution. Microsoft has a lot of issues with changing your default email address back.

    In the future, make an alias as a burner email and use that for everything from shopping accounts to newsletters. Never use your main email.

    • +3

      Add your alias email and make it primary

      I did this years ago and it worked a treat, so the alias is only used to log in to Microsoft accounts and never given out to anyone else.

      The compromised email account is used for everything else, with Bitwarden for strong passwords.

    • +1

      This is perhaps the best advice so far. I haven't had a problem since utilising the alias feature.

  • I'm not a tech expert, but if this was me:

    1. Get a new/clean computer and start changing/updating account info on that computer. As above, a password manager can help.
    2. Physically disconnect your old computer from the internet: uninstall the Wi-Fi card, unplug the LAN cable. Recover what you can onto a portable HDD, and delete all your account information from that computer. You can try reformatting it, but at this point all my trust in the old computer would be gone.
    3. Take the portable HDD to an "expert" before plugging it into the new computer to make sure it's 100% clean.

  • +9

    One thing I'd add is that it's unlikely they have access to anything more than your email and password (and potentially a spoofed mobile number).

    If they're leaving you messages and trying to threaten you, it means they don't have anything else and are just trying to get you to send money over or click on malicious links. Of course, if you comply in any way they'll just keep the threat going, so don't engage.

    If they actually had control of your computer or more than email, they'd be doing a lot more. Like, why send you threatening emails when they could wait patiently for you to log in to net banking and then transfer much more money out? They're trying to intimidate you into making a bad decision.

    Make sure to just update passwords and security settings where possible. It may be easiest to just detonate the email entirely and change all your stuff to a new email.

    Sounds like they may have access to your spoofed mobile phone number, so unless you can get a new mobile number they'll likely be able to keep resetting your accounts via the email/phone number combo. Hence it may be easier to change the email entirely, to prevent the 2FA being breached that way.

    See sim swapping for info on the mobile phone issue and how 2fa can be intercepted that way.

  • +1

    change your password from cimotla

  • +1

    I would ask the hacker what password you should use to stop being hacked

  • I would
    1. Log out of all devices: should be in your outlook settings
    2. Change your password
    3. Set up 2FA authentication and/or set up 2FA with an app. For example, Microsoft has an authenticator app: you log in to your Outlook and you have to enter a 6-digit 2FA code, which can only be found in the authenticator app, and you have up to 30 seconds to enter it.

    I do #3 for PayPal. I kept getting notifications that X country and X IP kept trying to hack it. So I set up 2FA and I now require a 6-digit password from the authenticator app to get in. I know Microsoft and Google have an authenticator app. So yeah. Try that.

  • I don't know how it can be hacked (again) after you change the password.
    Unless you change yours from password12 to password123 :D

    • Probably using the list of passwords from compromised lists.

      I've got my passwords set up so I can see, based on the password, which website the compromise came from. Means all site passwords are somewhat unique.

  • Reset pc, change passwords and you're done.

  • +1

    i just ran malwarebytes and it found 3 threats on my PC - which have been quarantined.

    it also showed data breaches of the sites where I had registered/logged in with my email address with - most recently Malindoair on 5 september 2025

    Malwarebytes has that feature? I'd just use HaveIBeenPwned directly as that's what all those data breach notification services are pulling their data from. You can search by email address, or you can put your old password into the Pwned Passwords page and it will tell you if it's in a data breach and how many times it's been leaked.

    RobBoss's comment is what I'd do next if you haven't already. Basically say your email is altomic@outlook, you would create an alias email address like altomic-loves-chocolate@outlook… and then make that the email address you use when logging in. Emails will still come from altomic@outlook, except you no longer login with the altomic@outlook email address.

    Don't use SMS 2FA; disable that if it's enabled (this is to eliminate the SIM swapping attack vector), but be sure to have the app-based 2FA set up on at least two different devices. This is because if you lose access to one device, you still have a backup device to get the 2FA codes. I'd probably have it on three devices to be sure… perhaps your partner's phone, your phone and then a tablet or old phone etc. Also make sure you store your recovery code in a safe place too.

    I agree with DingoBilly's comment too. They probably don't have access to your computer… Just like the sextortion email scam where they claim they have access to your webcam and that they'll leak videos of compromising content… it's highly likely they're bluffing. But you probably should put tape over your webcam anyway, since it's good practice.

    • Malwarebytes has that feature. Maybe for the paid version? I got a 14-day trial version.

      Yeah, they also sent the email saying that they had accessed my webcam….
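The Pwned Passwords check mentioned above does not have to involve typing a password into a web page. The range API works by k-anonymity: the client hashes the password with SHA-1 and sends only the first 5 hex characters, gets back every suffix HIBP holds for that prefix, and matches the remaining 35 characters locally. The following is an added example, not the commenter's code and not HIBP's own client; the endpoint `https://api.pwnedpasswords.com/range/<prefix>` and the `Add-Padding` header are real, while `RANGE_RESPONSE` is a constructed reply (made-up counts) so the script runs offline:

```python
"""k-anonymity lookup against HaveIBeenPwned's Pwned Passwords range API.
Added example for this thread; not the commenter's code or HIBP's client.
RANGE_RESPONSE is a constructed sample reply, not real HIBP data."""
import hashlib
import urllib.request
from typing import Callable, Dict, Tuple

RANGE_URL = "https://api.pwnedpasswords.com/range/"   # real endpoint


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that leaves
    the machine and the 35-char suffix that never does."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body: str) -> Dict[str, int]:
    """Parse the 'SUFFIX:COUNT' lines the range endpoint returns."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range_live(prefix: str) -> str:
    """Real lookup. HIBP rejects requests without a User-Agent; Add-Padding makes
    the response size independent of how many real suffixes matched."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "pwned-check-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str,
                fetch_range: Callable[[str], str] = fetch_range_live) -> int:
    """How many times the password appears in HIBP's corpus (0 = not found).
    Padded entries carry count 0, so they never produce a false positive."""
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)


def is_pwned(password: str,
             fetch_range: Callable[[str], str] = fetch_range_live) -> bool:
    return pwned_count(password, fetch_range) > 0


# Constructed sample for prefix 5BAA6. SHA-1("password") is
# 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8, so its suffix is the second line.
# The other suffixes and all counts are made up for the example.
RANGE_RESPONSE: Dict[str, str] = {
    "5BAA6": "\n".join([
        "003D68EB55068C33ACE09247EE4C639306B:3",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:9545824",
        "0A1B2C3D4E5F60718293A4B5C6D7E8F9A0B:0",   # padding entry
    ])
}


def fetch_range_offline(prefix: str) -> str:
    """Stand-in for fetch_range_live that serves the constructed sample."""
    return RANGE_RESPONSE.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(f"{pw!r}: seen {pwned_count(pw, fetch_range_offline)} times (offline sample)")
```

Run it with the default `fetch_range_live` to query the real service; the only thing HIBP ever receives is the 5-character prefix, which is shared by hundreds of other passwords.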

  • I get those emails all the time, saying they have video of me doing "bad things" lol

    Sometimes they even have my correct password in the email, but they can't access my account without the SMS code required.

    Delete and move on.

    • I got alerted to these emails using compromised passwords from a list. The passwords they use on me are real, so I know when it was from and the type of password.

      I use a unique set for non-financial and financial websites, so you can tell by the combinations.

      Less sophistication, more social engineering scams that OP is subjected to. There are no keyloggers or remote access to OP's network.

      If they have video of bad things, why don't they have a screen grab of 1 frame?

  • For your Hotmail/Outlook, make sure to log in via the main website on a desktop and the Outlook app. The mobile version won't show it. Sometimes hackers can add rules for the inbox/junk that will auto-redirect incoming emails while hiding them from the user, so you won't see the password changes or compromised connected accounts.

    As well as that, check any added apps on the Outlook account. Some use 3rd-party email hosting apps to redirect to, such as Thunderbird. Remove all and add back the apps you know.
    On the main desktop Outlook site, use "log out everywhere". Microsoft will take 24 hours to sign out everywhere though.

    You can also Google how to clear hidden rules, in case there are any hidden from normal view.
    In your inbox search bar, type in any account that may be connected to that email, as any emails that came in during the compromised period could be hidden/in limbo; you will only see them if you search manually, until the rules are changed.

    1. Open Outlook and ensure auto-forwarding of all emails to another email address has not been set up. If it's enabled, delete the forwarding address and disable it immediately.
    2. Change your password.
    3. Enable MFA.
    4. Change your MS account to a passwordless account.
    5. Log out of all devices (apparently this can take hours to sync across different devices/platforms).
    6. If you had sync enabled and had auto-saved passwords for external sites, make sure to reset all of those.

    Check step 1 again frequently, as it's likely this will be re-enabled.
