A friend's email was hacked and his email address was sending around spam. I alerted him, and he investigated more than folks usually do. Here is what he told me:
Being technically inclined and somewhat baffled by the hack to my email I did some further investigating.
I was wondering how someone had my address book. I never put my address book on any server to my knowledge. Little did I know…
I used a product called Windows Live Mail when I first got this PC. I needed to use it to get at all my old outlook express emails form our previous computer that had died. After that I exported them and started using Microsoft Outlook which is really my main email program. Little did I know that Windows Live Mail created contacts from all my old emails and not only that, but it also puts them up on their server for my convenience so that if I use a web based email like Outlook.com I would have all my contacts available wherever I go. And so do the hackers.
I wish I had known about this because I would have taken steps to delete all those contacts. It was pretty tricky deleting them actually. I have do delete them both locally and also at the server because otherwise they synch up. I’m still not positive they are completely gone. They seem to have an option for getting back deleted contacts.
It really seems to me that Microsoft is to blame here. Putting my address book on a server that can be accessed by a hacker is really not a great idea. And the worst part is that I was not aware they had done this when I used Windows Live Mail.