Helping people with computers... one answer at a time.

Once your Windows Live Hotmail account, or contact list, has been hacked or compromised, there are several steps to clean up after you get it back.

My husband's Hotmail contact list has been hacked and a phishing paragraph was sent to them. Now it appears whenever he tries to forward an email. How do we get rid of it?

It's unusual that only the contacts would have been hacked into, and it's more likely your entire Windows Live Hotmail account has been compromised.

Frankly, I'm surprised you still have access.

But, given that you do, there are several steps you should take immediately, to recover from the damage that's been caused. One of those steps should take care of the phishing paragraph that's showing up.

I'm going to assume you're using Windows Live Hotmail's web-based interface. In fact, many of the steps we'll take will need to be taken there.

The very first thing you should do is very simple: Change Your Password. This is so important, I'd go so far as to say do it now; before even reading the rest of this article. It's the first step to slowing down (though perhaps not preventing) the hacker from continuing to access your compromised account.

"Remember that your Hotmail account is really your account for all Windows Live services ..."

There are now several things you must change to regain total control of your account.

Start by clicking on the Options item in the far right of the Windows Live Hotmail display:

Windows Live Hotmail Options link

In the drop down menu that appears, click on More options.

On the resulting "Manage Your Account" page, click on View and edit your personal information. That will take you to a page much like this:

Windows Live Hotmail Personal Information page

The short version is that while your hacker had access to your account, they had access to everything here. If they didn't change it, they likely could have seen important information that you might care about.

Change it.

For everything that makes sense, change it.

  • Change your password: as I mentioned above, to prevent the hacker from accessing your account.

  • Change your security question: to prevent the hacker from having changed it and using it for a password reset after you change your password.

  • Change your alternate e-mail address: to prevent the hacker from requesting a password reset to an account that he may have changed this to.

  • Change your mobile PIN, or remove your mobile number completely.

  • In billing options, consider removing or changing the payment method listed, and be sure to keep an eye on that credit card's statements in the future.

Also review the Additional options at the bottom of this page, making sure that the hacker didn't change permissions, marketing preferences, or anything else relating to your account.

That's the high priority stuff, but there are still plenty of things that need to be looked at.

Return to the "Manage Your Account" page. You'll want to double check almost every option listed on this page, as the hacker may have altered it while he had control of your account.

In particular, I'm guessing that you want to take a look at the "Personal e-mail signature" settings.

Windows Live Hotmail personal signature

As the text of the feature states, the text in your signature is "added to the bottom of each e-mail message you send". I'm guessing that your hacker added his own personal message here, and that it's being automatically added to every message you send. Remove it.

In reality, if your hacker has been thorough there's a lot of damage they can do, and it can be a lot of work to re-construct your account. Remember that your Hotmail account is really your account for all Windows Live services, including Messenger, Spaces, Groups and who knows what else. While they had access to your account, they had access to all of that. And that means that they had access to any and all options relating to those other services in addition to Windows Live Hotmail.

It simply goes to underscore the importance of keeping your account safe, choosing a strong password, keeping it secure, and in general keeping your computer safe on the internet.

Prevention is so much easier than trying to clean up the mess after a problem.

Article C3734 - May 17, 2009 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

41 Comments
David Shapiro
May 19, 2009 9:53 AM

The exact same thing happened to my Hotmail account a couple of days ago. A phishing email was sent out to my contacts. I immediately checked the Hotmail inbox and saw some returned messages that were sent out to invalid addresses. All of my contacts were erased and the phishing email had become my vacation response.

Everything else looked OK in the account, but I did everything that Leo recommended. I stopped regularly using this Hotmail account many years ago because of the huge volume of spam.

Neil
November 26, 2009 7:10 AM

I'm involved with IM and on mmore than one occasion I've been asked for my password to my hotmail/live account presumably to email their message/offer. I have always declined even though I do trust the people involved but it brings the question to mind if they can email my whole contact list how do I mail that way, without having the insanely long "mailed to" list which looks and will set off the spam police?

rachel adams
January 13, 2010 1:49 PM

I had my email hacked into and cant get into my email, they changed my question, my friends got emails from my email asking for money

That is correct. Your account is most likely gone forever. Read this article: Hotmail says my password is incorrect, but I know it's right. What do I do?
Leo
14-Jan-2010

Weeping Willow
April 7, 2010 9:26 PM

My hotmail account has been compromised. I cannot log in nor can I get any help from the hotmail people. Is it possible to reinstate my hotmail account or have I lost all of the contact info etc. forever? Please help. You seem to be the go to person for all problems. thnx.

If Hotmail has been of no help, I know of no way to get the account back. This is one of the many reasons I so strongly recommend agaist free accounts for important stuff.
Leo
08-Apr-2010

Nito
April 10, 2010 3:50 PM

Leo
Great radio show by the way.
I have been suspecting for some time about my Win Live mail being compromised. Last week I received an E-M from a friend in Cancun, Mex warning me to be cautious with my messaging & e-mails; He said that He could see my conversations and E-Mls. Am I doomed? Do I continue using MSN / Win Live site?
What's at risk? What did actually happened?
Did my friend compromised his account & in return He was thrown a "hook" from a hacker, hoping he would grab it?

No idea. Your friend would have to describe better exactly how he can do what he claims. (And I don't have a radio show. Different Leo Smile I'm Leo Notenboom.)
Leo
12-Apr-2010

Robbie
April 25, 2010 7:30 PM

Just happened to me. Thanks for the article I have done everything you suggested.I guess I always knew the password was weak but didn't do anything, now it is strong and I will change it frequently.

Skip ENGLISH
May 6, 2010 2:26 PM

I have been turning in circles since my hotmail was hacked I have applied your suggestions and will wait for further outcome. THANKS can't be said any better.

Carter
May 12, 2010 4:47 PM

Can't get into hotmail account. It has been taken over, tried to contact hotmail to obtain person to return my email account. I think person has changed all my information since I'm not receiving message from my alternate account. Need help on next step.

Rizwan Habib
May 16, 2010 1:16 AM

please inform how i can recover my send emails i didn't delete my self. so please help how i can get back i need all. waiting for your reply

Rizwan Habib
May 16, 2010 1:21 AM

how i can recover all my send emails in windows live so please help me in this issue i need all mails back in same folder so please inform me, this emails i didn't delete my self i think some one hack this account i change my password, so please help in this matter kind regards.

Teri
May 19, 2010 12:44 PM

I heard that this had to do with a breach in Facebook. It's happened to some other folks I know. Your contact list is used to distribute e-mails about on-line pharmacies.

gill
June 30, 2010 6:00 AM

cant recover/get into my hotmail emails - wont let me change password etc and just keeps coming up with Error 999 - no help from windows live etc - just dont know what to do, so extremely upset and annoyed

Nicole
July 6, 2010 5:34 PM

Yesterday my account sent out a spam mail for some laptop.I myself never open links from that type of mail let alone send it. Today I was on for a lil bit then when I went back I could no longer get in.It was saying wrong password ugh. I want it back!

imorgan67
August 27, 2010 4:42 PM

Hotmail account was hacked and everyone in my contact folder has received an email about how I'm overseas, flat broke and to please send money. I no longer have access to my Hotmail account as the hacker has changed the password. I've initiated the account validation/password recovery process but how will I know if and when problem is resolved. Should I just consider this email account toast and get on with my life?

If you don't hear anything from Hotmail in 48 hours or so, then yes - in your shoes I'd consider the account lost forever.
Leo
28-Aug-2010

janis
October 23, 2010 4:15 AM

I just went through the whole email password recovery thing with Hotmail and thought I was out of the woods. But the hacker address keeps coming back in and force forwarding my email. Have deleted it twice but still comes back. What can I do?

My guess is that you changed only your password. That's not enough. Please read: Is changing my password enough? (Short answer: no.)
Leo
24-Oct-2010

David
November 4, 2010 10:04 PM

Hello Leo. Thank the lord for saints like you to help the less computer able muppets like myself out there.
I too think i have had my Hotmail compromised; lots of undeliverable messages in my inbox made me check my sent messages and shortened links to sites selling viagra were sent to all in my contact list along with other contacts that are not in my list.
I have now changed all the details outlined by yourself and are now waiting to see if this has rectified the problem.
Is there anyway the Hotmail staff can help with this issue? I know alot of it comes down to regularly changing your passwords which many of us don't do quite as often as we should, but i am sure that Hotmail could see who is hacking its users and more than likely can see how they are doing it and therefore advise us of counter measures in response. The very least they should do is alert us to the problem. As far as i can see it is only a problem suffered by Hotmail users. It may be free but would you pay for it???

You can try contacting Hotmail customer service, but in all honesty from what I hear from people I wouldn't expect much help.
Leo
05-Nov-2010

Diana
November 14, 2010 6:59 AM

My email account has just been hacked and some friends have been sent spam emails from "me." I've followed all your advice above, but I'm worried that the hacker will now have access to all my online memberships to things like online shopping sites and supermarket accounts etc because I've used the same password for everything. Do I need to change my password for all my other accounts as well (like facebook, amazon etc)?

Thanks

I would strongly recommend that you do so. This is one reason why having the same password for everything is such a bad idea.
Leo
14-Nov-2010

Amanullah Noori
November 16, 2010 11:32 AM

My hotmail account was hacked today. They have changed my password and secret question so I cant get in and change anything. They sent an email to all of my contacts asking if they could send 500$. I responded to them from a different email account and they have given me details of a person to send money to via western union funds transfer so I am off to the police to see if they can do anything but they didn't help me so can you please do some thing for me. I have alots of emails from him or her that send me to my gmail account and I can send you as a prove if you needed for making sure that is my email account and please do some thing for me.

There's nothing I can do. Please read this article which discusses your recovery options for the various ways that Hotmail accounts can be lost or compromised: What are my Lost Hotmail Account and Password Recovery Options?
Leo
17-Nov-2010

thenudehamster
November 24, 2010 10:50 AM

Strikes me that either Hotmail is an unusually easy system to hack, or, more likely, it hasn't been hacked at all, but that these sufferers have managed to acquire one of the multitude of viruses that spread through email and address books. If nothing other than reports of spurious ads seems to have happened, then I am more suspicious that this is in fact an infection, not a hack. That reports of this kind are becoming so prevalent is one reason I will never rely on a purely web-based email system. I have always used a dedicated, protected, email client (currently Thunderbird) with a proper email account, and I have never had this kind of problem.
I would suggest that, as well as carrying out all the recommended actions of password changing etc., sufferers also run a full deep-scan virus and malware check.

Jesse Merritt
November 29, 2010 12:03 PM

I am disgusted to find that someone has accessed my hotmail address book and sent the following advert to everybody in my address book: How to protect my hotmail contact list

sharon edison
December 2, 2010 5:16 AM

not one antimal or antivirus or what have you i used found anything.....one at leasst said it would only check wind live...no others what good are they then

That's because an email account hack as described in this article is typically NOT a virus or malware. Rather it's a hacker simply gaining access to your account.
Leo
02-Dec-2010

Brittney
December 3, 2010 6:45 AM

I am in my email, trying to change everything you said, but the hacker has added an "unique ID" (which is listed directly under my windows live ID in the manage account tab) and it won't let me change it. The hacker also added an email for password reset and I tried to look it up on yahoo and they're saying that ID hasn't been taken yet. Are there any other options? And yes, I changed my password a few days ago. Thanks in advance!

This article discusses recovery options for the various ways that Hotmail accounts can be lost or compromised: What are my Lost Hotmail Account and Password Recovery Options?
Leo
04-Dec-2010

Sarah
January 18, 2011 8:51 AM

Hi, my hotmail settings all appear to be ok but it appears to be sending dodgy random emails with web links on to all of my contact list. It's driving me and my friends mad. Please advise if this is different to whats been mentioned above! thanks

This article discusses recovery options for the various ways that Hotmail accounts can be lost or compromised: What are my Lost Hotmail Account and Password Recovery Options?
Leo
19-Jan-2011

steve
June 2, 2011 3:51 PM

i have be blocked from my account and every time i go on there to resend it it wornt let me put in my new email address what do i do please help

This article discusses recovery options for the various ways that Hotmail accounts can be lost or compromised: What are my Lost Hotmail Account and Password Recovery Options?
Leo
03-Jun-2011

Sherion
July 6, 2011 8:44 AM

I read this and changed my settings. Thanks for the help! I have a question about my contacts though. Whenever I send an email to a group of people from my contact list, a couple of sex email addresses appear on there too. But when I look on my cantact list to delete them, I can't find them. Is there anything I can do about it?

J
October 8, 2011 1:47 AM

Leo,
Most hacked Hotmail happens not because their password was hacked but because the hacker sends an e-mail to the user that comes from a friend or contact persons they knew. Obviously this wont be picked up by spam filters nor does it look suspicious if it comes from someone you know. Once the e-mail is opened, it contains a worm/virus that not only gives the hacker access to your pass word, but attacks the users contacts directory. Once hacked, it sends out an e-mail to everyone in your contact list putting your e-mail address as the sender so your friends think you are sending them an e-mail. Little do they know the e-mail is from a hacker and the worm has now hacked into their e-mail account. MSN has done noting to help this spreading problem. I have been hacked twice now this time the hacker gained access to my Google accounts and it has created a nightmare for me. My suggestion DO NOT TYPE IN ANY CONFIDENTIAL INFORMATION IN ON ANY INTERNET SERVICE. Keep it off the net if you want to stay safe.

Liz Case
October 13, 2011 3:03 PM

My situation is the same as Sherion's , above. When I start a "new" email and click the "To" button to have the abbreviated contact list pop up, at the end of the list are several "adult" entries. But when I click on "Contacts" on the left-hand bar, the entries don't appear, so I can't delete them. A couple of new ones have turned up recently, too. How can these be removed? Will a professional be able to "scrub" them out of my hard drive? Thanks --

When they're displayed simply down-arrow to select one, and then press the delete key. Repeat for all offenders.

Leo
14-Oct-2011
Amy Mireles
October 14, 2011 3:53 PM

I've changed my password, but after I changed it, I still received a SPAM email from myself. I don't know what happened. How can I know my email is safe after it's been hacked?

Getting spam from yourself does not mean you've been hacked - more on that here: Why am I getting spam from myself?. If you have been hacked you may need to change more than your password: Is changing my password enough?
Leo
15-Oct-2011

Bernie
October 21, 2011 3:20 PM

I changed my password, however in the alternate emails their is an address which is NOT mine and it will not allow me to delete it. It is {email address removed}. How can I get this alternate removed?

This article discusses recovery options for the various ways that Hotmail accounts can be lost or compromised: What are my Lost Hotmail Account and Password Recovery Options?

Leo
22-Oct-2011
Vincent Braniff
October 26, 2011 11:42 AM

My Hotmail account was closed and I've lost all my contacts. But on my other computer I came across this file of contacts with a ’windowslivefile’ extension. Is there any way of accessing these since I think they are the email addresses of my lost contacts.

If you can help it would be greatly appreciated.

Liz Case
November 22, 2011 8:22 PM

Leo, I've now found a solution to the hacked Contacts list. In the abbreviated "Contacts" list that pops up when I start a new email and click the "To:" button, I had found "Adult" contacts added to the end of the list, and I couldn't find any way to delete them. Finally, I noticed that in the Hotmail left-hand sidebar under "Messenger," there was a message, "3 invitations." I clicked on that message, and was taken to a screen that showed several "friend requests" and below those, several "invitations" to join "Groups." Lo and behold, those groups had the same names as the bogus entries on my abbreviated Contacts list! And when I clicked to refuse the invitation, hooray, they disappeared from the abbreviated Contacts list! (They had never shown on the contacts list that appears when you click the sidebar option.) After refusing all of them, I went into my Profile (click on Profile in the upper right-hand corner of the screen, right under your name and beside "sign out.") I changed my profile options to the most private settings, and I hope that will prevent future unwanted appearings.

Neelam kaur
December 19, 2011 8:27 AM

hi there, i have signed into my different hotmail account and its sayin its been blocked, because of spamming, however i hav got personal information in there, so how do i unblock it, thankyou

This article discusses recovery options for the various ways that Hotmail accounts can be lost or compromised and I believe it applies here: What are my Lost Hotmail Account and Password Recovery Options?
Leo
19-Dec-2011
Wendy
March 29, 2012 6:11 PM

So if your account has been hacked, why would they use your contact list alerting you of the breach? Why not just browse through your emails (many of mine had files attached) and get the info they are looking for. Since I have my emails saved every time I send, they now have my password list, financial records, resume, etc. This is the worst thing that could have happened. Are there some hackers that just go in and steal your contact list. Between when I found out that I'd been hacked and changing my password, it had been several hours. That would have given them lots of time to browse. I'm praying they didn't get anything that can harm my credit or identity.

Mark J
March 29, 2012 9:36 PM

@Wendy
It might be a good idea to contact your credit card companies and inquire if there has been any recent activity on your accounts, block those cards if necessary and change any passwords that you may have on those lists.

Hussein
April 18, 2012 7:05 AM

I read the answer above, but for me I could not access to mail inbox or option,, just show that me user name and password are correct but I could not access to my page

my blocked email is {email removed}

connie
April 18, 2012 9:01 AM

@Hussein,
You might want to know that posting your email to a live forum like this greatly increases the spam you get, and also your likelihood of being hacked. Getting your email back is going to be difficult, and along with that it would be good to learn some basic safety tips as taught regularly here in Ask Leo!

Here's a great article on that:
Why shouldn't I post my email address in a public forum?

cc
May 9, 2012 5:44 AM

My account has also been compromised. Details:

25Apr2012: WinLiveEssentials updated to 15.4.3555.0308. WLM client Version 2011 (Build 15.4.3555.0308).

01May: Received mail from my own address, sent to my address plus 2 contacts. This item was in INBOX and in SENT ITEMS. Unlike my legitimate sent mail, the item's FROM field is empty.

09May: Received another mail from my address, to my address and same 2 contacts, plus one non-contact address that I emailed on 03May. This item was in INBOX only, not SENT ITEMS.

Each item's content was a link; the 2 links were similar but different domains - both contained ".../blog/wpcontent/themes/.../likeit.htm?..."; both links' text appeared to match the target address.

I changed my account password after the 09May incident; I could not find any indication that anything had been altered. I have also deleted all contacts. None of my other WLM accounts has been affected AFAIK.

As was mentioned in the thread, it seems unlikely that someone with malicious intent would send out emails to advertise his activities.

FWIW I've used WLM since 2009 without apparent incident. The timing raises suspicion that the 25Apr WLE update could be a factor.

Anyone else with similar experience?

Thanks,
CC

Your live.com email account was simply hacked, and yes this is happening a lot. Changing your password and all password recovery information is the right thing to do.
Leo
09-May-2012
cc
May 10, 2012 7:11 AM

Leo, thanks for the fast reply to my 09May post. I've done a bit more digging since I posted and I don't believe the items were sent from inside my account. As I said, the 2nd item doesn't appear in my outbox - I suppose a hacker could have deleted it - but the first item has different property details than my legitimate outgoing mails. They all start with FROM:..., TO:..., SUBJECT:..., DATE:... etc. Above those fields in the bogus message I see MESSAGE-ID:..., CONTENT-TYPE:..., X-ORIGINATING-IP:... and then FROM, TO etc.

To me this strongly suggests "spoofing" rather than hacking?

Of course that leaves the question of the additional recipients. I now realize that the 2 TO addresses in the first email were the only 2 adresses I've mailed from that account since 03Mar2012. The 2nd email added the one additional address I emailed on 03May. IOW, the targets seem more likely to be derived solely from my outgoing mail rather than my contacts list, although I have no idea how that could happen.

Sorry if I've gone a bit off-topic here - I thought the additional details might be of interest to others...

CC

Lynn Ludwig
July 4, 2012 12:02 PM

My account must have been hacked - everyone in my contact list received a spam email from me. Now my account is locked and a strange email address is listed in the drop down "how do you want to receive your code", how do I get my account back?

You may not be able to. This article, already on Ask Leo, discusses recovery options for the various ways that Hotmail accounts can be lost or compromised and I believe applies in your situation: What are my Lost Hotmail Account and Password Recovery Options?
Leo
06-Jul-2012

connie
July 4, 2012 8:17 PM

@Lynn,
Read this article... it will help:
Email hacked? 7 things you need to do now.

mok kok leong
August 4, 2012 10:39 AM

Your live.com email account was simply hacked, and yes this is happening a lot. Changing your password and all password recovery information is the right thing to do.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.