I’ve had a Hotmail account for years, and today I went to sign into it to retrieve an old e-mail address and was met with:
Which is interesting in and of itself: you would think that rather than having a link to ANOTHER form, they would have just put the form at the bottom of the page, or better yet have a challenge or a captcha (that’s better than the obviously insufficient one that let the spammers create the account in the first place) to let me reinstate my account after proving I’m a human. So instead they send me off to yet another page:
Hmm, interesting, the same as the first page, except now they let me know that I probably didn’t violate their TOS (actually I’m sure I have done something, not that they’ve actually noticed). Additionally, there isn’t a form to fill out here; in fact there’s barely even a contact e-mail at the bottom of the page – but alas, I can’t use my e-mail account!!! Somebody fails here, as they’ve suspended my e-mail account. So now what I would have to do is sign up for e-mail with somebody else! Great move, drive customers to OTHER service providers so they can send you an e-mail begging for their account back.
I was eventually able to figure out that my account had been sending spam messages, so either the password was too weak and a dictionary attack got it, I logged into this account through a bad access point and someone pulled it from the traffic, or I was on a computer with a keylogger/malware that pulled it. I rarely use the account except for MSN/Live Mesh; when I log into Hotmail I go directly to the page from a browser, so I really doubt I got hit by someone phishing with a fake site.
Moral of the story: use strong passwords and change them often. The other moral is that if you’re designing a web interface, make sure you have a logical system set up for your users; in this case there are likely many programmers at M-soft and somebody never checked the links.