Hotmail Lead Program Manager's email compromised

Wow don't really know what to say about this. Omar Shahine, a Lead Program Manager for Hotmail, who we've interviewed and had numerous conversations with about Hotmail, has apparently had his email account hijacked. Omar posted this tonight:

What do you do when some one:

hacks into your account

changes your password

changes your secret question

changes your "alternate email address"

changes all your profile information

sets up mail forwarding to another account

Turn on the exclusive junk filter (deleting all your email)

Deletes your life (email, contacts etc)

That is what I found this evening. I believe that some one managed to issue a password reset command to my account and then somehow logged in and reset my password essentially owning my data.

Don't really know what to say about this one, other than "sorry, Omar". Ouch.

Published Feb 11 2008, 07:28 AM by Kip Kniskern

Filed under: Hotmail, Live ID, privacy

Comments

	Mephiles said: I think it's sick that someone would actually want to do that! Omar would be feeling horrified right now. February 11, 2008 10:21 AM
	Alex said: Ouch. O, the irony. Now I'm wondering what his password or secret question was... February 11, 2008 10:33 AM
	BV2312 said: No rollback? I think Hotmail should implement just incase you delete something or someone else deletes something for you February 11, 2008 12:14 PM
	WyzyrdMyrrlyn said: i bet it was some determined hacker who just HAD to do that. the lead hotmail program manager's email, compromised. thats going to send a message.... February 11, 2008 1:30 PM
	kenbw2 said: I feel sorry for the guy. However, if these things were important then shouldn't he have backed it all up? Even in WLMail or something... February 11, 2008 2:05 PM
	JonT said: ouch, thats harsh. Funny this story should come up on the same night i find a password reset email in my inbox. February 11, 2008 3:23 PM
	JonT said: Also I just realised how bad this could be, with the email linking feature the attacker could then access all your linked accounts too. February 11, 2008 3:32 PM
	calum-r- said: This is very shocking. I would have thought the program manager of WLHotmail would have been more secure with his password and secret question. I would have also thought he would have backed up his contacts and exported them. And also his emails, if there is a way? February 12, 2008 3:32 AM
	rgonzruiz said: Exactly the same misfortune happened to me on early 2001 with my hotmail account... At that time I already had my account associated with some MSN Premium services and it took me a couple of weeks to prove my identity and ownership of the account to the hotmail customer support team... I even created a @msn.com account in the mean time to be able to chat in msn and stuff... The hacker had even changed my account's language to swedish or something like that, so when I was able to log in again, no only had I lost everything just like Omar, but also I had no idea where the menus for changing any settings where :DDDD I use strong passwords since, as well as not-so-easy security Q&A's... But ever since, once in a while I come to think of how dependent one becomes with their email addresses... I use my hotmail and gmail accounts for so many services (from my company's MS Partnership login and stuff to payment gateways linked to my gmail or hotmail accounts), that, although it would not be difficult to prove my ownership, it would certainly be a mess to lose for a couple of days... Its no fun at all knowing that even now there are still security holes that allow for this to happen in the Windows Live services, and even scarier knowing that forever there will be a never-ending battle between the IT and the hackers worlds, and that once in a while you might end up as collateral... February 12, 2008 7:56 AM