# Hacker Keeps resetting my Live email password.



## AphexDreamer (Apr 22, 2011)

I don't know how this guy is managing it but he keeps resetting my password in live. 

I had a backup email trough gmail and he changed that too 

so then my gmail had a back email to aol and so I reset my gmail then I was able to reset my live.

Next morning he reset my live again! I manged to get it back by using gmail again to reset it which oddly enough he didn't reset my gmail password this time. 

I have now since used a an extremmmmmleeey long password generated at random for live to see if that keeps him out.

The scary thing is I have a totally unrelated other gmail account. Guess what I find in the deleted folder of my live account. A reset password email for my STEAM CONFIRMED TOTALLY UNRELATED TO OTHER EMAILS EMAIL ACCOUNT! It was all in dutch too with link (I didn't click on the links though). How did he figure that one out? Thankfully my secure steam gmail account hasn't had its password reseted yet. 

How is this guy doing this? My password were strong. I suppose i'll see if he gets in now with this new pass.

Keep in mind this is a fresh reformat and my Firewall from my router is on. 

I've done scans anyway and everything is clean.

EDIT: I'd also like to add I had a password reset email from steam in my gmail account. But I did not have my password reset for either my gmail or steam.


----------



## Deleted member 3 (Apr 22, 2011)

Like anyone actually knows what Dutch looks or sounds like.

How about trojan?


----------



## Kreij (Apr 22, 2011)

Only the Dutch can spot true Dutch and then we're still not sure.

Keylogger?


----------



## AphexDreamer (Apr 22, 2011)

DanTheBanjoman said:


> Like anyone actually knows what Dutch looks or sounds like.
> 
> How about trojan?



Exactly? If you mean how did I know it was Dutch? I googled a bit of the email and google recommend to translate a page from Dutch. So then I went to google translator and translated the whole thing. 

What about trojans?


----------



## 2DividedbyZero (Apr 22, 2011)

it seems to be rife at the moment, had my email account hacked earlier in the week, luckily MS froze it and let me reset the p/w.

My steam reset also goes to that account, but luckily, no steam reset email was issued. I changed that p/w too to be safe.

bad news to hear though.


----------



## AphexDreamer (Apr 22, 2011)

Kreij said:


> Only the Dutch can spot true Dutch and then we're still not sure.
> 
> Keylogger?



But how?


----------



## Kreij (Apr 22, 2011)

How what? Did you nuke your system after your Steam account got hacked?


----------



## AphexDreamer (Apr 22, 2011)

Kreij said:


> How what? Did you nuke your system after your Steam account got hacked?



Yeah. 

Is it like spoofing or something? Does he have some sort if LIve ID and my IP and is now free to do what he wants?


----------



## Mussels (Apr 22, 2011)

they could be skipping the password entirely and just using the reset functions. find out what it takes to reset - things like date of birth, secret question and answer, that kind of thing.

change them so he cant know what they are. run a proper antivirus (kaspersky 30 day trial is my suggestion) and see if it finds something your AV missed.


and then finally, stop using hotmail. my live account is on a yahoo i never used for anything, and its never been hacked.


----------



## AphexDreamer (Apr 22, 2011)

Mussels said:


> they could be skipping the password entirely and just using the reset functions. find out what it takes to reset - things like date of birth, secret question and answer, that kind of thing.
> 
> change them so he cant know what they are. run a proper antivirus (kaspersky 30 day trial is my suggestion) and see if it finds something your AV missed.
> 
> ...



Alright?

What do you mean your live is on a yahoo? You access your live email from a yahoo account?

live doesn't ask for anything when you rest your pass other than the old pass.


----------



## Mussels (Apr 22, 2011)

AphexDreamer said:


> Alright?
> 
> What do you mean your live is on a yahoo? You access your live email from a yahoo account?



my live account is tied to a yahoo email. not a hotmail one. they dont have to be tied together. i have to use *******@yahoo.com to sign into everything that uses live accounts (MSN, etc)


----------



## AphexDreamer (Apr 22, 2011)

Mussels said:


> my live account is tied to a yahoo email. not a hotmail one. they dont have to be tied together.



I was willing to just close my live but if I access it within 267 days the counter resets. I have to not login for 267 and well... I'm sure he will. So its either i login to check to see he hasn't changed the password or he logins. Either way it not getting removed.


----------



## Kreij (Apr 22, 2011)

I don't use a web based free e-mail account to tie to anything.
Do you have an e-mail account through your ISP that is inaccessable via a browser?
I don't even use an e-mail account through my ISP, for that matter.


----------



## AphexDreamer (Apr 22, 2011)

Kreij said:


> I don't use a web based free e-mail account to tie to anything.
> Do you have an e-mail account through your ISP that is inaccessable via a browser?
> I don't even use an e-mail account through my ISP, for that matter.



No, not that I'm aware of.


----------



## Kreij (Apr 22, 2011)

Normally when you sign up for internet service, the ISP allows you to create at least one e-mail address in their domain. You may want to look into it.


----------



## AphexDreamer (Apr 22, 2011)

I think he is trying hard to get to my Steam account again. Like I added in my first post I had a password reset for steam email.

And last time he did it I had several password reset emails in my live before (I suppose) he got it to work.

Now I don't even feel like my gmail is safe. I have it set up for Phone SMS and 2 step verification. Although I think he is having a hard time with my gmail. 

HOW IS HE DOING IT!


----------



## Kreij (Apr 22, 2011)

AphexDreamer said:


> HOW IS HE DOING IT!



How do you know it's a "he"? Upset your girlfriend lately or something?

Here is what I would do, and it's a giant PITA, but it's worth it.

Get a secure e-mail account that NO ONE KNOWS (not even your mother).
Contact every organization that you deal with, VIA telephone, and have them create you a new account with a new name and password (tied to your new e-mail address) and transfer any existing details there, then have them delete the original accounts.

Don't give this e-mail address out to anyone you don't explicitly trust. Ever.
Use some crap e-mail service for basic communications and nothing else.

Best wishes on clearing this up.


----------



## AphexDreamer (Apr 22, 2011)

Kreij said:


> How do you know it's a "he"? Upset your girlfriend lately or something?
> 
> Here is what I would do, and it's a giant PITA, but it's worth it.
> 
> ...



Thats my second gmail email. That why I don't know how he figured out about it already and why I even got a reset pass for that gmail account (Dutch) in my live account when there is no connection between the two at all.

If he/she is dutch then I guess I can anticipate attacks at night, although last steam hijack was done in the afternoon.


----------



## Bo$$ (Apr 22, 2011)

what antivirus do you use?


----------



## AphexDreamer (Apr 22, 2011)

Bo$$ said:


> what antivirus do you use?



Malware bytes. Currently after reformat thats all I use.


----------



## Kreij (Apr 22, 2011)

AphexDreamer said:


> If he/she is dutch then I guess I can anticipate attacks at night, although last steam hijack was done in the afternoon.



Since it's perhaps someone Dutch, it could be me or Banjo, but we would not do something like that for little or no apparent gain.

Remember, this is a public forum and you are telling everyone exactly what you are doing to resolve the problem. Both members and guests.


----------



## AphexDreamer (Apr 22, 2011)

Kreij said:


> Since it's perhaps someone Dutch, it could be me or Banjo, but we would not do something like that for little or no apparent gain.
> 
> Remember, this is a public forum and you are telling everyone exactly what you are doing to resolve the problem. Both members and guests.



I'm aware. Its not like I know when he/she is going to attack. All I can do is wait and hope I'm near a computer to catch it before things escalate. 


I hope these new passwords are enough to stop him. I can't even remember them.


----------



## Thassodar (Apr 22, 2011)

This is a good read about passwords:

http://www.baekdal.com/tips/password-security-usability

He was criticized for it by some big names in computer tech and responded to it: 

http://www.baekdal.com/tips/usable-security-reply-to-security-now/

He seems like he's pretty knowledgeable about passwords and stuff, I suggest giving it a try.


----------



## TheoneandonlyMrK (Apr 22, 2011)

do you mean malware bytes free version that you load to scan?


----------



## AphexDreamer (Apr 22, 2011)

theoneandonlymrk said:


> do you mean malware bytes free version that you load to scan?



Yes.




Thassodar said:


> This is a good read about passwords:
> 
> http://www.baekdal.com/tips/password-security-usability
> 
> ...




Also my previous passwords should have taken him 219 years to brute force and now these even new ones are far more complex. IDK how he manged to change em. I just reformatted so it can't be a virus or anything like that.

Time will tell... Thanks for the help TPU. If some master TPU hacker is on and knows whats going on in detail please feel free to share


----------



## TheoneandonlyMrK (Apr 22, 2011)

i have that on my system but its my emergency scanner not av, and as it dosnt run permanently it wont stop trojans .virus's etc from being downloaded or whatever, you need something proper for the job, there are a few good free ones but most of them wont do it all either so it might be best for you to get a paid for one that works well.
and the minute/second you go online the hacker could be throwing a key logger or some such your way i had a pc get a virus whilst doing a fresh install i scarce got to see the desktop before it began repeteably shutting down


----------



## trickson (Apr 22, 2011)

theoneandonlymrk said:


> i have that on my system but its my emergency scanner not av, and as it dosnt run permanently it wont stop trojans .virus's etc from being downloaded or whatever, you need something proper for the job, there are a few good free ones but most of them wont do it all either so it might be best for you to get a paid for one that works well.
> and the minute/second you go online the hacker could be throwing a key logger or some such your way i had a pc get a virus whilst doing a fresh install i scarce got to see the desktop before it began repeteably shutting down



I have been in this situation before , But that was with windows XP . Since I have changed over to win7 64 bit I have not seen any thing like this happen . 
Is there a way to prevent a key logger program at all ? What I mean is there a FREE program that can prevent them from this ? I use MSE and haven't had any problems at all .


----------



## Bo$$ (Apr 22, 2011)

Similar thing happened to my younger brother who didn't use a normal antivirus suite
malware bytes is not so good as a standalone product, use MSE or Kaspersky AV for general use.
Best thing to do is run a: 
Panda Anti-root kit deep scan
Kaspersky Anti-virus Scan (use the trial if you want) 
(too be extra safe run: Spybot search and destroy)


----------



## TheoneandonlyMrK (Apr 22, 2011)

i too use mse but didnt want to recomend something ive only used a few months, AVG free is also very good but has the slight issue of not removeing rootkits(though it does try to block them) but then malware bytes does that so bit of both id sugest

most AV soft tries to stop all malicouse soft getting onto your pc but some versions wont remove all types, usually the free ones as thats how they make you buy, wait for you to dl something bad that they find for you then pass ya the sorry you need the full ver screen lol


----------



## WhiteLotus (Apr 22, 2011)

Could be using the "forgot password" function, perhaps change that too.


----------



## AphexDreamer (Apr 22, 2011)

Whats the lightest Virus Protection out there??

I don't like using them cause they constantly nag nag and nag and bog down my PC taking up resources and seem more like a virus themselves then actually protect. 

Thats been my take on them, but if it changes things I suppose I'll install one. Will it really stop him from changing my passwords?


----------



## Eric_On_Web (Apr 22, 2011)

KGB keylogger maybe. Really powerful fully hided, extremely hard to crack the password to open the program and able to send all you type to a remote email adress in log forms. 

The basic way to access that program is CTRL+ALT+SHIFT+K 
All at the same so press and hold. But even there its possible to change that command of access.

I used it already to learn about a cheating ex-gf (Thx to KGB spy program lol)  and even at 500miles of distance its like if you are behind the person while he/she type.


----------



## Easy Rhino (Apr 22, 2011)

so after that mess with your steam account you didnt format?


----------



## Eric_On_Web (Apr 22, 2011)

AphexDreamer said:


> Whats the lightest Virus Protection out there??
> 
> I don't like using them cause they constantly nag nag and nag and bog down my PC taking up resources and seem more like a virus themselves then actually protect.
> 
> Thats been my take on them, but if it changes things I suppose I'll install one. Will it really stop him from changing my passwords?



Use Microsoft Security Essential. In paranoiac mode it will protect you without suckingtoo much power and you can even choose how much % of the cpu you wanna share to the mse program. But remember the more cpu you put in use for the protection the faster it react to an attack.


----------



## AphexDreamer (Apr 22, 2011)

Easy Rhino said:


> so after that mess with your steam account you didnt format?



Thats the thing.



I did...

I've got AVG Internet Security 2011 running now. I'll use that for a bit and see how it dose me.


----------



## erocker (Apr 22, 2011)

AphexDreamer said:


> Thats the thing.
> 
> 
> 
> ...



You're screwed, someone has you on their hit list.  Like I mentioned to you previously, get rid of all of your old online accounts, email, etc. and make new ones.


----------



## AphexDreamer (Apr 22, 2011)

erocker said:


> You're screwed, someone has you on their hit list.  Like I mentioned to you previously, get rid of all of your old online accounts, email, etc. and make new ones.



That much I knew.

I can't get rid of my old email. 

It won't delete instantly. It will after 267 days but he could log in and reclaim it by then. I have made a new one for steam so that should be ok accept I think he's found out about that too already.


----------



## erocker (Apr 22, 2011)

AphexDreamer said:


> That much I knew.
> 
> I can't get rid of my old email.
> 
> It won't delete instantly. It will after 267 days but he could log in and reclaim it by then. I have made a new one for steam so that should be ok accept I think he's found out about that too already.



Contact support and let them know your situation. They'll delete your account.


----------



## Kreij (Apr 22, 2011)

That what I said in post #17. Take care of this offline (via telephone).
I would do this for every online account that you have since you have no idea what's been compromised at this point.


----------



## Easy Rhino (Apr 22, 2011)

your bank accounts are next and your line of credit. you better act fast.


----------



## AphexDreamer (Apr 22, 2011)

Contacting Support did nothing. Its all online. Didn't find a number to call.

I have to leave for work now, but I will look into it some more when I get back.


----------



## 1freedude (Apr 24, 2011)

What about a packet sniffer?  Im not malicious savvy, would this be a method someone could employ?


----------



## Kreij (Apr 24, 2011)

1freedude said:


> What about a packet sniffer?  Im not malicious savvy, would this be a method someone could employ?



Odds are almost 0% unless it is someone in his house that is on his LAN (or accessing it wirelessly if he is using a wireless router, but this still presents quite a challenge for SSL transmissions).
You could potentially access (hack into) his ISPs systems and pull packets (and have to decrypt them if sent through SSL (https)), but no one who has that kind of access to resources would use it to grab a Steam account to just play his games.
They'd more likely be hacking into world bank accounts, corporate servers, governmental agencies or Mussels' pr0n collection.


----------



## D007 (Apr 24, 2011)

All I know is I'd be running full virus scans, malware bytes and resetting all my passwords to something much harder. If that failed I'd reformat my entire system.. Guy gets your bank info your in trouble. Getting your steam info would be bad enough..><
PS: If you find Mussels pern collection, plz forward it to me. ^^..


----------



## Kreij (Apr 24, 2011)

@D007 ... He's done all that (even nuked his system). Seems to be still having problems.



> PS: If you find Mussels pern collection, plz forward it to me. ^^..


You will need to rent server space in the cloud. I hear it uses more disk space than all the data from NASA, NORAD, CERN, the LHC and Google combined.


----------



## D007 (Apr 24, 2011)

If your using wireless would you need to make sure it has a password set for access?
Maybe I don't understand that fully but from what I've heard, that's a pretty big security leak.

dang, did all that huh.. ouch man.. Who's cherrios did u piss in? ><
LMAO Kreij....


----------



## Champ (Apr 24, 2011)

I don't know it anything like ZoneAlarm would help you now?


----------



## slyfox2151 (Apr 24, 2011)

D007 said:


> If your using wireless would you need to make sure it has a password set for access?
> Maybe I don't understand that fully but from what I've heard, that's a pretty big security leak.
> 
> dang, did all that huh.. ouch man.. Who's cherrios did u piss in? ><
> LMAO Kreij....



it is HIGHLY UNLIKELY its a local attack, VERY HIGHLY UNLIKELY.... somewhere around 1 in 2 billion chance ..... its just not how hackers work.... the amount of effort it would take to do that would be huge compared to the outcome of what they are looking for.


----------



## Solaris17 (Apr 24, 2011)

honestly if we are nuking rigs doing scans finding nothing etc etc. im willing to say that its spam. some bot sending out fake password renewals iv gotten them before and my accounts were never accessed. Infact when mousing over the link in them it will probably point to a diffirent web address. Its probably phishing at its finest. One easy way to find out? Call Steam and ask them if their has been a recent reset request on your steam account. if yes. they are trying to hack it. if no your getting phished. Of course that will only work assuming you havent reset the password yourself.


----------



## AphexDreamer (Apr 25, 2011)

Well I"ve put really crazy hard passwords and since then nothing so far.


----------



## micropage7 (Apr 26, 2011)

btw have you check your pc too? does it clean from virus trojan etc
so no matter what you do it always return again n again


----------



## Trigger911 (May 3, 2011)

Kreij said:


> Odds are almost 0% unless it is someone in his house that is on his LAN (or accessing it wirelessly if he is using a wireless router, but this still presents quite a challenge for SSL transmissions).
> You could potentially access (hack into) his ISPs systems and pull packets (and have to decrypt them if sent through SSL (https)), but no one who has that kind of access to resources would use it to grab a Steam account to just play his games.
> They'd more likely be hacking into world bank accounts, corporate servers, governmental agencies or Mussels' pr0n collection.



Arp poising is simple stuff to do also a dns poison ... that person could do a man in the middle and act like a gateway


----------



## silkstone (May 3, 2011)

Someone else also mentioned it could be a phishing attempt. There are a couple of warnings on some MMORPG forums regarding false e-mails claiming to have reset passwords. The link contained then proceeds to go to a login page where you enter your username and password.
Maybe i mis-read some of the posts, but the only thing you have been receiving is password re-set e-mails, right?

Edit - NVM, i didn't read correctly, he actually got hold of your E-Mail passwords. They weren't something easy to guess were they?


----------

