HACKER Q&A
📣 frereubu

91-year-old's Hotmail account hacked, only automated support responses


My elderly mother has been locked out of an old Hotmail account that I wasn't aware existed and I'm finding it impossible to figure out how to get access back, continually hitting automated brick walls without even some kind of live chat. I'm concerned it's going to be used for identity theft. Timeline (UK):

August 15th afternoon - She gets a message to her iCloud email address (presumably used as a backup for the Hotmail account) saying "Action required for two-step verification"

August 16th lunchtime - Another message saying "please use the following security code for the Microsoft account ab*c@hotmail.co.uk" (where a, b and c are letters from her name).

August 16th a few minutes later - Message saying "The following security info was recently deleted from the Microsoft account ab*c@hotmail.co.uk" giving her iCloud email address.

She got in touch with me when she picked these messages up today - she's been drilled by me to get in touch when something suspicious like this comes up, and is generally pretty sharp at spotting dubious emails - but because she doesn't pick up her email address regularly it's seemingly too late for the usual recovery method of backup email address.

What's particularly concerning is that they seemingly managed to get access to the Hotmail account without access to the iCloud account - the first email was about 2FA being set up on the account, and the iCloud account hasn't had the password changed or any security settings updated despite that being the backup account.

I'm trying to get access back for her, but all I'm getting is an account recovery process that, if you don't get enough details right for the automated systems, just says "At this point, your best option is to submit a new form with as much accurate information as you can gather." This email account is clearly hers, as it had her iCloud account as a backup contact method, but she's not sure when or why she created it, so it's difficult to answer questions like "give us some email addresses that you emailed recently" or "give us some exact subject lines of recent emails."

Does anyone here have any experience of this where they've managed to get through to a human being at Microsoft who can actually help? I understand it's difficult because the email address is old and she's not sure what's in it, but the fact that someone seems to have targeted it is giving me the heebie-jeebies.


👤 MerelyMortal Accepted Answer ✓
It doesn't sound like it's worth pursuing ("the email address is old and she's not sure what's in it"). You can try emailing the account in case the hacker is still looking at it, but my wild guess is that it was low-hanging fruit and the attacker abandoned it when they discovered nothing worthwhile for them.

(The email could say, when you discover there is nothing worthwhile in the account, can you please give it back to my grandmother by setting the password to 'PleaseLetHerHaveItBack'.)


👤 hertzrat
My mom wasn’t hacked, but she lost her password and can’t get a human to talk to for the life of her.

👤 unknownaccount
The fact that they make it impossible to get in touch with a human is actually a boon to security. Humans are the weakest link and most prone to social engineering. I’m not sure why you think getting in touch with a human would help resolve your situation. If you don’t have the right information to satisfy the automated system then why would a human be able to help you?

👤 GraphenePants
It's unclear how the decision was made during the commissioning of your organization's email product that Hotmail met the requirements for validation. Is it the case that the offering of quality support was not included in the Requirements Trace Specification?