A tale of being hacked

What a night.


Last night I had a notification from Microsoft that my youngest son (nearly 15 years old) "is no longer in your family group". An hour or so before, I'd received a notification that he had installed the Canon printing app (not a surprise, as I have a Canon printer); however, this recent notification was far more concerning.

I went through to him and challenged why he'd removed himself from the family group. He looked surprised and said he hadn't. We tried logging him into his Microsoft account on a browser: 'no account found'.

As he logs in with his Microsoft account, I went to Windows settings; it showed a different email associated with his account, a Protonmail one.

We tried to go to his Microsoft account, but could not access it. It appears the miscreant had changed the email and password and then deleted the originals.

I am unsure as to how this had happened, as all my family use 2FA and strong passwords; I'm guessing he fell foul of phishing or social engineering.

I checked his machine and ran virus/malware scans, which came back as clear. I checked Task Manager and there were a couple of apps that looked suspicious; I wish I had had the presence of mind to make a note of their names. One was a taskbar app, the other had a name in Chinese (I think).

I spoke with my son, who made the decision to refresh the PC using the fresh download option and selecting the option to remove all data. He knew this would remove all his game saves, documents and other data, but felt it was the only way to know the reinstall would be safe, so he started the process.

Concerned that his Steam, Epic, Discord and other accounts had been compromised, on another machine with a fresh Windows install we quickly set up a new MS account, making sure he used a minimum of 30 random characters in his password.

We logged into these and other accounts, forcing existing sessions to log out where possible, then changing the password and finally updating the email address to his new one and resetting 2FA.

He then realised his Minecraft account, which he had had since he was 5 or 6, was tied to his (hacked) Microsoft account, and could not be logged into from the Mojang site.

After what seemed like an age we made contact with Microsoft via live chat. After a long conversation and supplying confirmatory data to them, they agreed to escalate the request to recover his old Microsoft account; we now need to wait up to 72 hours for a decision.

Once his machine had completed the Windows 11 reinstall process we logged back in and carried out a basic setup to secure his device and new account.

This was at just after 0300 hours today.

So now we wait to see if he will be able to recover the old account and get back his Minecraft account.

I still am unsure how this happened to him, and it appears to be localised to only that one machine.

I will need to do a direct reinstall on his laptop at his mom's before he next logs in; I may just install Debian on that.

I thought I would share this tale of woe, and suggest you go and check the PCs you are logged into, just to make sure.

Today's plan will be to check his other accounts for compromise and select a password manager for him to use in place of browser-based ones.

I want to thank you for reading this entry; it's appreciated. If you want to comment or continue the conversation, I am available over on the Fediverse, here where this blog entry was originally posted.

If you would like me to post more often (or less often) you can always buy me a coffee and tell me which I should do via the Fediverse.

Jase

This article was updated on Saturday, 16 September 2023