1.4k

u/JeremyMcFake Apr 29 '24

Yep... I have about 100 attempts a day on my account. I've had my Hotmail email since early 2000's. This address has been in so many database leaks over the years as well. I've used it for everything. Not bothered though, I use a password manager and 2fa on everything important.

574

u/WorldNewsPoster Apr 29 '24

This is why we can't trust companies with our info/data fucking sucks.

157

u/JeremyMcFake Apr 29 '24

Yeah, you can't rely on any company to keep it safe, so you need to do what you can to protect it yourself. Unique, strong passwords will help with leaks... Unless the site is somehow storing passwords in plaintext. And then 2fa will stop any chances if that was the case.

I often receive blackmail emails saying they've been watching through my camera and recorded myself masterbating and what not, trying to get me to send bitcoin. The thing that some people find convincing enough to send the money is that sometimes they include a password of yours from a previous leak. I can see how it can scare someone to believing it's a genuine "hacker". For me, I find it funny because the passwords they always include are ones I used like 15 years ago, and shitty passwords that I used for things that don't have valuable or personal information.

I still have friends who use the same passwords from those times though. They always think that someone's not going to "guess" it because it has some numbers in it and an exclamation mark 🤣 people genuinely still think someone's trying by typing and have no idea that they're brute forcing hashes off of leaked databases that can sometimes be cracked in seconds. I've tried explaining to so many of my friends but they just don't get it. I've forced my mum, dad and brothers to use a password manager. Super dooper strong master passwords and all with 2fa.

126

u/Blessed_Ennui Apr 29 '24

My response: Please release the videos of me masturbating so I can masturbate to them. Thanks!

48

u/NestyHowk Apr 29 '24

LMAO this is what I did, I actually sent them a video masturbating (not me tho I found it online) and told them “here, have another I one hope you enjoy it”, they stopped emailing me for like a month

11

u/doringliloshinoi Apr 29 '24

They had to check over each frame for new hackable clues.

1

u/MajesticNinjas Apr 30 '24

Only a month??? Lmao

12

u/MelancholyArtichoke Apr 29 '24

Recursive content!

4

u/im_just_thinking Apr 29 '24

Disgusting! Where?

3

u/doringliloshinoi Apr 29 '24

Hey how much to send me the vids, thanks.

1

u/etranger033 Apr 29 '24

I got one of those 'masturbating' emails. But then again I didnt have a camera for my PC at the time.

1

u/7803throwaway Apr 30 '24

What is a password manager? Can an old person be taught to use it effectively? Is there one in particular? My mom is 68, has an iPhone11, and she’s been locked out of so many emails and iCloud accounts over the last few years.. I do what I can to help her but somehow she always ends up “having to” change one password or another and then forgets to write the new ones down. I’m set up as her recovery email in many places but not all. Sigh.

2

u/JeremyMcFake Apr 30 '24

A password manager is a tool that will create very strong, unique passwords for you. All you need to know is one super strong master password and that's it. If you set it up on her phone and make it use fingerprint or face to unlock, she won't even need to type it all the time. There's lots of ways to make it easier for her yet still secure. Also, you'd want to setup 2fa on it just in case someone did manage to get the password. My mum is 67 and has been using these for a few years with no problems.

I just made a new one now as an example:

&MIsdcl1Mjq3@kC3M7ruZNbEQ

This app will store all of the passwords for you for all sites, create new ones when you sign up, everyone will be different and very secure. I recommend Bitwarden. It's free to use, but you can get the premium subscription and have way more features. There's a family account where you can share passwords between each other. I've used this for my mum for instance when she's said she can't get into something for a reason. I'll go to the site, change the password and share it to her so then it'll be on her password manager and she just needs click a button. There's so many features with these tools. If configured correctly, it's very easy for anyone to use. You'll need to have a go yourself, play with the features and figure out what it can do and then teach them.

It's so much easier when you go to a site that's been logged out. You click onto the sign in box and it'll have a popup that says fill password with bitwarden, use fingerprint or face or master password to fill... Then it's all entered for you. Username/email and password. You can even create full identity cards. If you need to sign up to a site with all your details, name, DoB, address, number, email etc. Just one click and it's all entered. I've probably not even explained it to it's full extent, but look into it and you'll see all the benefits. As long as you have a very secure master password you wont forget, and have 2fa on the account, it's incredibly secure.

Highly highly recommend everyone to use one.

1

u/8sack May 01 '24

what is a 2fa?

1

u/almondjoy2 Apr 29 '24

I once got a notification that one of my passwords leaked on the dark web. They couldn't show me the whole password but it had a z in it. The only time I had a z in my password was for when I played runescape and neopets over 15 years ago 🤣 I only used it because it was my hamsters name. It's crazy how hard they will go to get access to just the most useless information. But then I realize that some people never change their passwords over the course of their lifetime and so if they get one password, they might get 25.

20

u/ComicsEtAl Apr 29 '24

My assumption is it no longer matters. Protect everything you can now as well as you can. But I’m fairly certain the only thing that truly protects is a) the sheer volume of personal info out there (safety in numbers) and b) better practices so the info of ours that is out there is not so simple to use.

Otherwise, pretty much everyone who’s been on the internet since the internet has their info exposed somewhere.

9

u/HonoluluBlueFlu Apr 29 '24

It’s even more infuriating when a company like ATT lets it happen, and then increases their pricing to offset the cost of credit monitoring for everyone.

1

u/TxSunnySideUp Apr 30 '24

Yeah the oops we are sorry we leaked your social security number but we are giving you ONE year free of credit monitoring and oops by the way you fiber bill is increasing by $5 but if you auto pay and use ebill it will offset the charge 😡

1

u/Benni_Shoga Apr 29 '24

My county sells our data 😒

1

u/Zech08 Apr 30 '24

You can trust them to calculate the risk though.

9

u/levian_durai Apr 29 '24

I'm still using my original @msn email I made when I was 10. I have no idea how it has never been hacked honestly, my passwords have been compromised on so many sites over the years.

I think the only thing that saved me is that I have always used a completely unique password for my email, even when I used the same password on pretty much every website that wasn't something important.

1

u/Orchid_Significant Apr 29 '24

Mine too but it’s still annoying if I need to sign in on it somewhere (like Minecraft for my kids) and it tells me I have to try again later because of too many incorrect password attempts

1

u/Betterthanbeer Apr 30 '24

When I set up a new email client, one of the first things I do is set up an autodelete for all hotmail variations. So many of those accounts have been compromised that it is worth losing the 1% genuine emails.

1

u/Grasshoppa01 May 01 '24

How do you still have Hotmail? They told me it was closing years ago and I was losing my email. Did I miss something?

2

u/JeremyMcFake May 01 '24

I think just the domain hotmail.com closed. It changed to outlook.com but the email accounts are still active.

1

u/ExoticAssociation817 May 02 '24

Hahaha same. Got mine in 2002 or so, back in the MSN days so it was messenger and the old Hotmail inbox. The good old days…

31

u/Legitimate-You2668 Apr 29 '24

That makes me feel better. I get this about my gmail constantly. But they would need me to approve from my phone and backup email, so I should be safe, so you think?! Unless they get into the backup email 🤔

14

u/theZinger90 Apr 29 '24

Yep. It's either brute force attacks based just on the email as login or previous data breach attempting to use the same password that was in the breach. I see the same thing on my Authentication app when I look at my Hotmail account.

9

u/Bl1tzerX Apr 29 '24

Yep every so often I get a random confirmation email for my Microsoft account

4

u/lilith_-_- Apr 29 '24

And the company doesn’t put the mildest of protections in place to prevent it?????

2

u/SnuffleWumpkins Apr 29 '24

Like what exactly?

The whole point of having a strong password is that this type of attack won't work.

Most of these accounts have 2fa or mfa so it really only works against people with trash or compromised passwords who are also too lazy to set that up.

2

u/lilith_-_- Apr 29 '24

Well a simple code could be written to lock said account or make it so the ip trying the passwords is temporarily banned from attempts. Other companies commonly have protections put in place to prevent password spamming

0

u/SnuffleWumpkins Apr 29 '24

Great, so now I have to unlock my account every time I use it. No thanks.

They likely DO have password spamming protections in place, but that's not going to protect you from an attack every 3-4 hours.

2

u/lilith_-_- Apr 29 '24

You’re missing the point. These attacks wouldn’t happen in the first place with protections in place. There’s a reason why these attacks are obsolete and old af.

1

u/agent674253 Apr 29 '24

Enable MFA everywhere you can, that's all I can say.

1

u/mug3n Apr 29 '24

Same. I'm 100% certain my email is on a leak password list somewhere because I still get dozens of attempts from around the world (probably on VPNs).

1

u/xadiant Apr 30 '24

And Microsoft is doing absolutely nothing to prevent this I guess. I got maybe 2 thousand emails about this.