Hotmail adds "my friend's been hacked" reporting feature

The crowd-sourcing feature, which can be found in the "Mark as" menu, lets users report compromised accounts directly to Hotmail.

Faced with the sobering reality that about 30 percent of all Hotmail spam comes from compromised e-mail accounts, Microsoft has added a nifty "My friend's been hacked!" reporting feature.

The crowd-sourcing feature, which can be found in the "Mark as" menu, lets users report compromised accounts directly to Hotmail.

"When you report that your friend’s account has been compromised, Hotmail takes that report and combines it with the other information from the compromise detection engine to determine if the account in question has in fact been hijacked. It turns out that the report that comes from you can be one of the strongest “signals” to the detection engine, since you may be the first to notice the compromise," according to Microsoft's Dick Craddock.

Once an account is marked as compromised, Craddock said two things immediately happen:

follow Ryan Naraine on twitter

  • First and foremost, the account can no longer be used by the spammer.
  • When your friend attempts to access their account, they’re put through an account recovery flow that helps them take back control of the account.

After turning on the feature for just a few weeks, Craddoc said Microsoft is having success:
We’ve already identified thousands of customers who have had their accounts hacked and helped those customers reclaim their accounts. And we’ve found it to be very effective and fast. Accounts that you report as compromised are typically returned to the rightful owner within a day.
The company also plans to prevent our customers from using one of several common passwords when creating Hotmail accounts.