Hacked email account - where do i stand?

[rossfourfive]

A few days ago i couldn't get into my hotmail email account and i kept getting the password incorrect error message. I proceeded to go through the password reset process but when the secret question came up it was in Chinese.

I created another email account and sent an email to hotmail explaining i believed someone had hacked into my email account and requesting that i have the password reset. I was successful in this and i now have access to my email. It turns out someone had got into it, my details had been changed so that my home country was China and my secret question had been changed.

I have since been in contact with hotmail to try and find out if there was any activity on the account while i was unable to access it to see if someone has been able to get hold of any information or entry to any other internet accounts i have. They have just replied stating this:-

Please be advised that we could not confirm whether an unauthorized individual accessed your account or provide you any information about who may have done so, as all Windows Live Hotmail member information is confidential.  We can only release it to law enforcement officials when served with a subpoena or criminal search warrant, in compliance with the Electronic Communications Privacy Act (ECPA).

Are they correct in saying this or do i not have some grounds to access this information under Data Protection or something similar?

I appreciate any help you can offer

[kinboshi]

They're not based in the UK, so DPA doesn't apply.

I'm sure it's all covered in their T&Cs.  I'd be careful with any free internet-based email account (Hotmail, Yahoo, Gmail, etc.).  The other thing to remember is that all emails are stored on servers as plain text, so any email you send through those accounts or receive through them is pretty much open access for certain people.

Think of emails as postcards, rather than letters.  You send a letter you can tell if anyone's read it (unless they steam it open), whereas with a postcard, it's open so that anyone can read it as it moves around the internet.

The only way to hide the content of an email is to encrypt it (using something like PGP). 

[Acidmouse]

Sorry not sure what you can do, but it defiantly got me a little worried.

Anyone know a quick way to save all your hotmail folders onto your comp?

[doubleup]

I think you should assume that any other resources associated with the account have been comprimised and change passwords. linked e-mail account immediately. Also don't link anything financial to a free mail account.

[ACE2M]

and how have they compromised your account maybe key logging trojan maybe? full trend house call scan a must.

[rossfourfive]

Thanks for the replies,

As soon as i realised somone had got into my account i changed all my passwords from another PC incase it was my laptop that was infected.

I also scanned my laptop with every virus checker i could get hold of and it looks clean. Nothing else has been touched (so far touch wood) so i think i can rule out keylogger or trojan.

Luckily my poker accounts weren't using that email but still another hotmail one. What emails do you use for poker accounts if you recommend not using them for anything financial?

[doubleup]

Don't you have accounts available with your isp?  You at least are paying for a service so they have some incentive to be more secure.

[Bongo]

The only way to hide the content of an email is to encrypt it (using something like PGP). 

GPG is a free version, there's a handy extension to thunderbird that will automatically handle the encryption/decryption for you too.

[kinboshi]

The only way to hide the content of an email is to encrypt it (using something like PGP). 

GPG is a free version, there's a handy extension to thunderbird that will automatically handle the encryption/decryption for you too.

There are free versions of PGP too

[Bongo]

Do they have the ease of use of Thunderbird and the correct extension (think it's called enigmail...).

GPG is an implementation of OpenPGP so it should be compatible with all those other free programs