Thousands Of Hotmail Passwords Leaked Online
October 5, 2009 03:13pm
Thousands of Hotmail passwords have been hacked and posted online, according to reports. Microsoft, which owns the popular web-based email system, told BBC News that it was aware of the claims and that it was "investigating the situation".
A report on technology blog neowin.net said that the details of "over 10,000" accounts had been posted to a website. The blog suggested the accounts had been hacked or had been collected as part of a phishing scheme.
Phishing involves using fake websites to lure people into revealing personal details such as bank accounts or login names and passwords.
Neowin claims the details were posted on 01 October to pastebin.com, a website commonly used by developers to share code.
Although the details have since been removed, the website said it had seen part of the list. "[We] can confirm the accounts are genuine and most appear to be based in Europe," Tom Warren, a neowin blogger, wrote on the site.
He said that the list included details of Microsoft's Windows Live Hotmail accounts with email addresses ending hotmail.com, msn.com and live.com.
Microsoft said it had "been made aware of the claims that Windows Live IDs and passwords have been made available on the web". "We're actively investigating the situation and will take appropriate steps as rapidly as possible," a spokesperson said.
Neowin said that it recommended Windows Live Hotmail users to change their "password and security question immediately".
Hotmail is currently the largest web-based email service.
Source: BBC News (Technology) | Neowin
Story Updated... October 5, 2009 08:02pm
Source: BBC News (Technology)
Microsoft has confirmed that thousands of Hotmail accounts have been compromised in a phishing attack. BBC News has seen a list of more than 10,000 e-mail accounts and passwords which had been posted online. The software giant, which owns the web-based e-mail system, said that it "had launched an investigation".
Phishing involves using fake websites to lure people into revealing personal details such as bank accounts or login names and other private data. "We are aware that some Windows Live Hotmail customers' credentials were acquired illegally and exposed on a website," said a Microsoft spokesperson. "Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers."
Graham Cluley, consultant at security firm Sophos, told BBC News the published list may just be a subset of a longer list of compromised accounts.
"We still don't know the scale of the problem," he told BBC News.
Technology blog neowin.net was the first to publish details of the attack. It said the accounts were posted on 1 October to pastebin.com, a website commonly used by developers to share code.
Although the details have since been removed, BBC News and Neowin has seen a list of 10,028 names beginning with the letters A and B. BBC News has confirmed that the accounts are genuine and predominantly originate in Europe. The list included details of Microsoft's Windows Live Hotmail accounts with email addresses ending hotmail.com, msn.com and live.com.
Mr Cluley advised Hotmail users to change their password as soon as possible. "I'd also recommend that people change the password on any other site where they use it," he said. Around 40% of people use the same password for every website they use, he added.
Hotmail is currently the largest web-based e-mail service.