What should I do about outlook (hackers)

Post Reply New Topic

I hear Microsoft email has been hacked. What should I do to protect myself?

I would find out what type of server you're using behind Outlook & run a backup from that. That said, unless it's full of really important high-profile data I wouldn't be terribly concerned.

_________________
"Standing on a well-chilled cinder, we see the fading of the suns, and try to recall the vanished brilliance of the origin of the worlds."
-Georges Lemaitre
"I fly through hyperspace, in my green computer interface"
-Gem Tos

How can I tell if my MS outlook has been hacked?
Thanks

Well it's more a matter of whether the account contained any drastically important information if it was hacked. My understanding of data breaches like this is that they're not normally targeting private individuals unless there's something rather sophisticated in place to 'dragnet' for personal information.

_________________
"Standing on a well-chilled cinder, we see the fading of the suns, and try to recall the vanished brilliance of the origin of the worlds."
-Georges Lemaitre
"I fly through hyperspace, in my green computer interface"
-Gem Tos

It seems pretty unlikely outlook.com as a whole would be hacked without it being all over the news. However, individual accounts could be "hacked" if the passwords get leaked (pretty unlikely, but not impossible) or if you have a weak password that could be guessed or brute-forced (a term describing where someone will use a script to try every common dictionary word plus combinations of words).

In general the best thing to do is:
1. Change your password
2. Enable 2-factor authentication (you'll need an authenticator app like Google Authenticator - I believe Microsoft has one as well)

Don't use the same password for multiple websites, or basically ever. Use a password manager like Lastpass, 1password, bitwarden or dashlane because they will auto generate passwords for you that are more secure and then you don't have to remember all of them. Since you only need to remember 1 password you can make it more complex. Also you can often have 2-factor authentication on the password manager too. Once you get used to using a password manager, passwords and logins will become so much easier.

Oh, and if you're using the Outlook desktop app on a PC, then you also need to be careful of malware running on the PC. Use good anti-malware software (If you have windows 10 and you don't already have other anti-malware software, then Windows Defender will be good enough - just make sure it's running)

My school changed the firewalls and servers and things for Outlook just a couple of weeks ago to make it more secure.

"What should i do" has a different answer depending on who you are. If you just use outlook for your e-mail program, you can contact your boss / teacher / school / IT Department and let them know you are concerned. You can also look on-line and learn about PGP and GnuPG and start using encryption for important e-mail. 7-Zip also has AES encryption and can be used to encrypt any document, file or text file. There are companies like "HushMail" which only do encrypted e-mail and are safer than outlook. Everyone should realize that e-mail is vulnerable to hacking - always has been and always will be. Never put anything in an e-mail if you are concerned that a "Bad Guy" might get it. But if you talk to a friend at the mall you can be overheard too so try not to freak out about it.

If you are a computer professional you can read technical details and/or contact Microsoft and ask for ways to "harden" your outlook server. You can also study for the "Certified Ethical Hacker" test using one of the many books on the market - or take a boot-camp class online. You can advise your company to looking into insurance policies to cover damage and loss from hackers. And educate-educate-educate yourself.

The hack that everyone was talking about during the USA Presidential Election had to do with Microsoft security - including Outlook authentication. Microsoft was sure to point out in an official security builtin that it was the Bad Guys who were at fault and not Microsoft. I am not so sure that Microsoft was right about this. Specifically it had to do with compromising Microsoft Active Directory and making use / misuse of Microsoft Security Certificates of specific kinds to escalate privileges. International security experts suspected Russian hackers but historically China (and the USA by the way) has been up to similar tricks and no-one really knows for sure who this was. Politicians tried to blame it on political opponents.

My feeling as a computer professional is that the problem was a bit like a submarine with no doors - a breach in one place quickly could be turned into a breach someplace else - the general approach for professional should be to look into creating doors between major systems. And keep in mind no security is perfect. One smart man ties a knot, another smart man unties it.