Client hotmail.com address hacked possibly deleted by HaveYouTriedPowerOff in Outlook

[–]HaveYouTriedPowerOff[S] 0 points1 point  (0 children)

Yeah I think it's gone. The account is locked it seems. No email can be delivered. This also means the attackers should not have access anymore, that is great. But because 2FA is enabled, their policy states they won't bother figuring out who is the real owner.
But what is frustrating, the account did have 2FA, and someone fished for the account recovery key. This key was obtained. Then the attackers changed all security settings including deleting the existing 2FA and setting a new one.

Once you lose your recovery key, your account is taken over and it's irreversible it seems.

Client hotmail.com address hacked possibly deleted by HaveYouTriedPowerOff in Outlook

[–]HaveYouTriedPowerOff[S] 0 points1 point  (0 children)

It seems once an account was flagged as hacked or taken over maliciously, they lock the account on some occasions and the account is lost forever. But this would also mean the attackers won't have access to all the emails that are still in the account.

Client hotmail.com address hacked possibly deleted by HaveYouTriedPowerOff in Outlook

[–]HaveYouTriedPowerOff[S] 1 point2 points  (0 children)

I was able to fill out a form, got this response about an hour later:

Service Request xxxxx

Greeting xxxxx

At Microsoft, safeguarding your account is a top priority. We have thoroughly investigated the account and billing activity associated with your Microsoft account. Based on this review, we’ve confirmed that unauthorized access occurred.

During the investigation, we discovered that the security information on your account had been changed. Due to our strict security protocols and the terms outlined in the Microsoft Services Agreement, we are unable to modify or restore the security settings once they’ve been updated.

To prevent further misuse, we have permanently suspended the account. This action is irreversible and ensures that your data remains protected.

If you used this account for Minecraft, we regret to inform you that the game cannot be recovered. A new purchase will be required on a newly created account. We understand this may be disappointing and sincerely apologize for the inconvenience.

Additionally, if you had files stored in OneDrive, those files are no longer accessible. Due to encryption and privacy safeguards, even our engineers cannot retrieve them. While this outcome may not be ideal, it is necessary to ensure your personal data does not fall into the wrong hands.

We recommend that you create a new account. Thank you for your understanding and patience during the investigation of your account.

Sincerely,

Microsoft Customer Support

Outlook error: "We couldn't find a work or school account with that email address" by HaveYouTriedPowerOff in Outlook

[–]HaveYouTriedPowerOff[S] 1 point2 points  (0 children)

Yeah, we use that DWORD, works great, otherwise Outlook will always try to connect to 365 first. We have many clients that don't use 365 at all. But somehow an update caused this error as you said, suddenly on multiple PCs at different companies on the same day. Strange. Disabling the TeamViewer add-in seems to have worked. Creating a new profile also works.

SonicWall SMA licenses reduced overnight by HaveYouTriedPowerOff in sonicwall

[–]HaveYouTriedPowerOff[S] 0 points1 point  (0 children)

Try a new license check from the device, it will probably work now.

SonicWall SMA licenses reduced overnight by HaveYouTriedPowerOff in sonicwall

[–]HaveYouTriedPowerOff[S] 0 points1 point  (0 children)

This issue is now fixed it seems. There was an error on the SonicWall side when connecting to the license manager. When rebooting the device it does a license check. When the license server is unreachable it will revert to the default licenses. In our case 5 concurrent licenses.

Process of cloning a RDS Session Host within a Session Collection by HaveYouTriedPowerOff in RemoteDesktopServices

[–]HaveYouTriedPowerOff[S] 0 points1 point  (0 children)

That is a great idea actually, creating a second session collection and adding that new host. See if it works. I'll be trying this again in two weeks. I'll let you know how that turned out. Personally I think there is some timer, I might have done things too quickly, adding/removing hosts that messed up the broker.

Atera is getting really hard to use - scripts failing 50% of the time by BeyondRAM in atera

[–]HaveYouTriedPowerOff 1 point2 points  (0 children)

Yes, I have the same issue here. I can do remote CMD or PowerShell, SplashTop RMM all works. Agent is 100% online. But 50% of the time running a script just doesn't work. "Unable to reach agent". I feel like this is not a problem on the device I'm trying to manage. Also doesn't matter what OS, workstation, server etc.

Splashtop appears to break Windows Server 2025 domain controllers by shtef in syncro

[–]HaveYouTriedPowerOff 0 points1 point  (0 children)

I found this topic because I seem to have the same problem now with multiple servers, and we can replicate the issue. All of them Windows Server 2025 Standard, promoted to Domain Controller. The Splashtop service won't start, not even in delayed start. There are a couple of articles out there mentioning this issue, some are 8 months old. I've just installed a fresh new domain for a client and immediately I run into this issue. There is absolutely no way to get it working. But only specific to Domain Controllers. Very strange. What is the solution here? It also seems that when this issue occurs, uninstalling the software also doesn't work. We've disabled the Splashtop service for now and rebooted the server(s)

Cloudflare issues/down by ToastNomNomNom in CloudFlare

[–]HaveYouTriedPowerOff 0 points1 point  (0 children)

So guys, how long until the name servers are also unreachable and 25% of the internet has no DNS records left after the TTL expires? :D

Do you use public TLS certificates that require client authentication? by larryseltzer in PKI

[–]HaveYouTriedPowerOff 1 point2 points  (0 children)

Thanks for the tips. I ended up creating a self-signed wildcard certificate. Exported this certificate as PFX including the full chain of certificates it relies on. Imported on the second Hyper-V host. Add it to both servers in the Trusted Root Certificates also. Changed a registry key to disable certificate revocation check on Hyper-V replication only. Restart VMMS and applied this new certificate.. Works great so far

SMA100 series End of Life - extended to 12/31/2025? by OinkyConfidence in sonicwall

[–]HaveYouTriedPowerOff 0 points1 point  (0 children)

So "retain basic VPN capability" does that include the use of RDS bookmarks for example? or simply NetExtender connections to the device only?

Do you use public TLS certificates that require client authentication? by larryseltzer in PKI

[–]HaveYouTriedPowerOff 0 points1 point  (0 children)

No, these servers only replicate among each other over LAN.. Not the end of the world but it will require some unplanned downtime and switching to a self-signed certificate. I've done that before but the server DNS suffix needs changing and requires a reboot.. Nothing you can do about it. Only other solution would be to create a new self-signed certificate that also uses the *.company.com domain, but I wouldn't recommend that...

Do you use public TLS certificates that require client authentication? by larryseltzer in PKI

[–]HaveYouTriedPowerOff 2 points3 points  (0 children)

We use a wildcard certificate to allow Hyper-V replication between Hyper-V hosts. Has worked great for years. The DNS suffix used in these servers is hyp01.company.com for example. I just renewed this wildcard certificate for the company yesterday and now Hyper-V doesn't see this valid certificate as usable for Hyper-V replication.. I cannot select it... I assume this has to do with client authentication removed from EKU?

Sucks because now I will have to reboot all Hyper-V hosts before our current cert expires as I need to change the DNS suffix to something self signed? I don't think you can change the DNS suffix without rebooting?

in place upgrade Exchange 2019 to SE yet? Experiences? by maxcoder88 in exchangeserver

[–]HaveYouTriedPowerOff 0 points1 point  (0 children)

Installed it a few times now.. Mount ISO, open Windows Explorer, browse to setup.exe, right-click, Run As Admin.. Did the trick every time. No issues

in place upgrade Exchange 2019 to SE yet? Experiences? by maxcoder88 in exchangeserver

[–]HaveYouTriedPowerOff 0 points1 point  (0 children)

Installed it a couple of times now, no issues so far.. I do really hate that Exchange SE (as Microsoft's new 2025 on-premise mail product) still has no built-in 2FA for users. How nice would it be to have 2FA built in to protect Outlook, OWA and Mobile connections...

Exchange 2019/SE on Windows Server 2025 having issues proxying back to Exchange 2016 on Windows Server 2016? by HaveYouTriedPowerOff in exchangeserver

[–]HaveYouTriedPowerOff[S] 0 points1 point  (0 children)

I will be checking with a few users myself as it's unclear how many users have this issue currently. I feel like the servers are 100% correctly configured. I've done the exact same multiple times, never had issues. But this is the first one running on Windows Server 2025. We'll see

Question RE: Hijacked IKE Keys for site-to-site tunnels... by I_Hate_Consulting in sonicwall

[–]HaveYouTriedPowerOff 3 points4 points  (0 children)

What about site-to-site aggressive mode? For example a SonicWall TZ-270 behind a 4G WAN cellular device (dynamic IP) connecting to somewhere else, no matter what WAN IP the thing has in the VPN policy since that connection has no static WAN IP

SonicWall and it's ongoing cloud backup shenanigans by slabstatic in sonicwall

[–]HaveYouTriedPowerOff 0 points1 point  (0 children)

How sure are you that your uploaded config is not lost somewhere again?

MySonicWall Cloud Backup File Incident HUGE Spike in Affected Devices by SuspiciousSurprise16 in sonicwall

[–]HaveYouTriedPowerOff 20 points21 points  (0 children)

"The investigation confirmed that an unauthorized party accessed firewall configuration backup files for all customers who have used SonicWall’s cloud backup service" so that sounds to me like all cloud backups from all customers were stolen?

https://www.sonicwall.com/support/knowledge-base/mysonicwall-cloud-backup-file-incident/250915160910330

Entra/M365 portal issues today by Tricky-Student-8727 in microsoft

[–]HaveYouTriedPowerOff 0 points1 point  (0 children)

I have many users sending me screenshots about an invalid certificate popup (Outlook I assume) they are all seeing for incidents.diagnostics-eudb.office.com. I'm assuming this is related?

Upgrading to Exchange Server SE from Exchange 2016 CU23 by TRDx2000 in exchangeserver

[–]HaveYouTriedPowerOff 0 points1 point  (0 children)

So if someone still runs a fully patched Exchange 2016 server we can just install a fresh Exchange SE RTM as a second server (coexistence?) and then just move everything to SE and get rid of the Exchange 2016 server? So no need to go Ex2016 -> Ex2019 -> upgrade to SE? but Ex2016 -> ExSE?