Suing Microsoft in small claims court for failure to provide effective recovery process to take account back from Russian hackers

This must be illegal and open Microsoft to a class action lawsuit.  They have no failsafe to recover a hacked account, when their automated system fails.  My account was hacked by Russians (new email address ends in .ru) -- changed password and email address, so I can't use normal "forgot password".  The only support is chat and the chat people say they are powerless to do anything.  The only mechanism is the automated recovery process.  That process asks things like what zip code I was in when I opened the account -- which was 14 years ago!  I have moved so much I don't remember.  And I paid via Paypal but they insist that I provide a credit card number for the account, which there was none.  And so on.  Asking details that I don't have.  There is no live person who is able to verify that I am the true owner of my account.

The truly bad part is that now Russian hackers have access to my chats that were used to transmit login and password information.  And in some cases financial information.  I had the expectation that Microsoft would keep my account secure, and so used Skype for this kind of sensitive information.  But they failed to protect my account, and now they have failed to provide a way to get may account back!  This is the worst kind of failure.  That's been my primary means to communicate with my son after I split with his mom.  That has all our chat history going back 14 years, from the time when he was 7 years old.  It's lost.  Because Microsoft is too <insults deleted> to provide a live human being to verify that it's my account and that I've been hacked.  I'm researching how to sue them in small claims court.

  
 

Discussion Info


Last updated December 8, 2019 Views 370 Applies to:

Generally speaking for someone to gain access to your account they either would have to access to your personal information, determined your password or gained access to your devices. This would be more social engineering and computer vulnerabilities rather than any actual security vulnerability in the Skype network. The system they have in place, along with the questions asked, should be able to be answered by the actual account owner. I believe some minute details help verify an owner over a friend/relative of the owner. If more details ensure the proper owner, less details would probably make your account more vulnerable to outsiders. No one, especially strangers, should have more information on you than you. Address information should be retrievable from any of your records through past purchases or even your taxes. While I personally believe more verification options should be available, those are the options that exist. If accounts have suspicious/malicious activity, they might be suspended so that no one can access the account.

Only the last 30 days of information is stored in the Skype cloud. If your account was accessed by someone else in another location, that is the only data that would be retrievable. If you had stored payment information, you could alert the payment processor. You can still gain access to any local history you have stored in your local main.db file.  You could use third party software like SkypeLogViewer to retrieve any history you need.

The only legal method or way to dispute issues is by filling a dispute prior to arbitration. By filling a dispute, there might be other ways for you to prove that you are the actual owner of the account. If you would be out of services for the duration of the dispute you could add that to your initial dispute. 

I agree, the process they have _should_ be able to recover my account.  As a matter of fact, it doesn't.  Means something is broken, no?  That's what humans are for.  MicroSoft is negligent by providing insufficient failsafe.  Note fail _safe_ as in the thing that kicks in when what _should_ work doesn't.

On legal action, it is well established that we can, in fact, sue MicroSoft successfully in small claims court, despite their legal maneuvers designed to get away with this kind of behavior without consequences.  Note "small claims court".  The rules are different there.  I am in the process of serving MicroSoft notice to appear through the secretary of state.