Warning: Hotmail Passwords Leaked Online
Over ten thousand Hotmail account details have been published online.
Earlier today, Microsoft announced that it's currently looking into a possible phishing scheme that has exposed the passwords of "thousands" of Windows Live Hotmail accounts. Evidence of the hack originally surfaced over on pastebin.com last week (October 1) where the assaulting party posted the account addresses and passwords, most of which resided in Europe.
However, Neowin reports that it caught part of the list before it was removed, saying that more than 10,000 accounts were revealed. Unfortunately, the list only covered the letters A and B, indicating that there were thousands more not yet exposed to inquiring minds. The listed addresses include users with @hotmail.com, @msn.com, and @live.com domains.
"Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site due to a likely phishing scheme," Microsoft said. "Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."
Microsoft added that Hotmail users should change passwords every 90 days. Administrators should approve and authenticate known users, and those that can show credentials. Users should also keep anti-virus software up to date, Microsoft said.
- Palm Fights Back, Reactivates iTunes Syncing
- 250 GB PS3 Slim Shows Up in European Store
- PSPgo: Hacked Just Days After Release
- Hydrogen-powered Mobile Phone Chargers
- Google's Chrome OS May Arrive Next Month
- Hack Stuff? Homeland Security is Hiring!
- Nintendo Acknowledges Wii Update Bricking
- Student Wins '1984' Suit, $150K Against Amazon
- Report: Palm Pixi to Ship October 20
- VIDEO: Boeing's Advanced Tactical Laser; Pew
- Google and Verizon Announce Android Partnership
- FTC: Bloggers Must Reveal When Paid for Reviews
- iPhone Exclusivity Ends in Canada
- Study: Internet Addicts Are Like Drug Addicts
- PSP Go Gets Early Price Break in the UK
- Flash Coming to iPhone Too... Somewhat
- Hollywood Assaulting Pirate Bay ISPs
- Nintendo Attempts to Kill All R4 Revolutions
- AT&T Green Lights VoIP Apps for 3G, iPhone
Good thing I switched to Gmail.
gg micro$oft
^if you read the article you would see that it wasn't microsofts fault. It's a User ID10T error, or errors i suppose...
Good thing I switched to Gmail.
With comments like that (Lacking common sense), I can understand how people can fall for phishing scams.
I wonder how many people will sue Hotmail/Microsoft. I will if my info is out there and I see more spam email/mail.
I wonder how many people will sue Hotmail/Microsoft. I will if my info is out there and I see more spam email/mail.
If your info is out there it is your own damn fault for failing to use common sense in regards to a phishing scam...
people never cease to amaze me
Good thing I switched to Gmail.
All hail the GMail, the phishing-free mail service!
Click!
the big question I have is, was it a phishing scheme or a hack? Big difference.
If it was a phishing scheme, I don't much care.
If it was a hack, I need to change my passwords asap (european b*@hotmail address).
citation][nom]RahBoT[/nom]I wonder how many people will sue Hotmail/Microsoft. I will if my info is out there and I see more spam email/mail.[/citation]
Are you THAT retarded? You're going to sue Microsoft because you're stupid enough to fall for a scam and give out your password?
Kids, get the f*** out
the big question I have is, was it a phishing scheme or a hack? Big difference.If it was a phishing scheme, I don't much care.If it was a hack, I need to change my passwords asap (european b*@hotmail address).
READ YOU PIECE OF CRAP.
"Earlier today, Microsoft announced that it's currently looking into a possible phishing scheme that has exposed the passwords of "thousands" of Windows Live Hotmail accounts.
...people never cease to amaze me
That's because stupidity has no boundaries.
Wow, I'm surprised at how many people comment without reading the article first.I use hotmail. I just hope that I wasn't part of that "B" list that got loose.
Good thing I switched to Gmail.
That won't protect you from phishing.
If you don't pay attention, you are a sitting duck. Always double check the address bar to make sure that it IS the site you think it is.
Or else some sassy hacker will phish your Tom's account.
I have Gmail and Hotmail. I get less spam on Gmail, but that's most likely due to the fact that that's a school account, and I don't use if for shit like Facebook or youtube. But I still like hotmail... it's definitely not a bad service.
Either it was one hell of a phishing scheme, or MS is lying, and it was really a hack... For people to actually give their login credentials(instead of just personal info), it would have to be pretty convincing, and would've had to have gone on for quite some time without getting caught, otherwise it would be marked as spam...
...But since they're saying "probably phishing", that means "probably a hack", otherwise, if it were phishing, they would've identified the phishing email and site already... Getme?
Um let me see I have a hotmail account which I dont use so if they do some how get my stuff then I would sue.
did they even take the list down?? then what is this list that I came across online with all hotmail, gmail, yahoo and what not email addresses and passwords.
anyone stupid enough to fall for a phishing scam, or even use a web interface for their email, deserves it.
Use outlook or any other REAL email prog and add your hotmail address. Done.
Yea abbadon, because Outlook and "Real email progs" don't have any software vulnerabilities either. Sigh. Remember what happened with Outlook on Service Pack 1?
The glorious concept of "password security":
1) it should contain random mixture of numbers/uppercase/lowercase letters, like 1S#aZcH14
2) you dare not write it down anywhere!
3) you must change it every 90 days
right...
It was most probably a phishing scheme, I have noticed a lot of spam mail coming in recently telling you that you can check who has blocked you on Messenger.
As an IT manager I checked the sites that were linked into the e-mail, when you get there it requests you to enter your MSN/Live id and password, no doubt many people fell for this and did so.
There really needs to be more done about such attacks really, yes the consumer needs to be aware but these hosting services that are just allowing these sites to be built without taking any ID from the builder of the site are perpetuating the problem. It is simple really if you want a web presence, prove who you are, this would cut down a lot of these scams
@dingumf : I think you deserve some kind of prize. I've read your posts of the last month and not a single time did you write something without calling someone a effing retard, moron, piece of s***, and so on. Bravo. Very rewarding.
Hey I got sick and I will sue my doctor.
...
Idiot.
I suspect this may be related to the "Click here to see who has blocked you on Messenger!" email that floated around a few days ago. Click the link, "log in" to the site, and there you go.
I don't know what people were presented with when they logged in, I am not that stupid, but I had several co-workers get hit with this and it immediately spammed out to their contacts list.
It was validating to see the uppity Tier 3 rep I work with get hit by this. I've always known she doesn't have the qualifications to be in the job she has, and for me this proved it.
You can have the most secure servers or systems in the world, but that wont help you if you give out your "F"ing password.
Gmail was affected too:
http://news.bbc.co.uk/2/hi/technology/8292299.stm