Hotmail passwords leaked online
Thousands of Windows Live Hotmail passwords have been leaked online, Microsoft has confirmed. The news was first reported by Neowin.
According to Microsoft, it "learned that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site" at some point over the weekend. Neowin originally reported that the credentials were posted to a developer forum on Pastebin.com on October 1.
After learning of the breach, Microsoft "immediately requested that the credentials be removed and launched an investigation to determine the impact to customers," it wrote on its Windows Live blog.
The company was quick to point out that credentials were stolen through what was "likely a phishing scheme." The company said that it "was not a breach of internal Microsoft data." It's currently "working to help customers regain control of their accounts."
Microsoft did not immediately respond to CNET's request for comment.
Microsoft didn't say exactly how many accounts were affected, but Neowin reported that the original list displayed accounts with names starting with "A" and "B."
Twitter and other social networks are abuzz with people advising others to change their passwords. Microsoft wrote in the blog post that those who believe they were affected by the phishing scheme should immediately do just that.
Updated at 1:30 p.m. PDT to include Microsoft's confirmation of the breach.
Don Reisinger is a technology columnist who has written about everything from HDTVs to computers to Flowbee Haircut Systems. Don is a member of the CNET Blog Network, and posts at The Digital Home. He is not an employee of CNET.
What's worse to imagine is emails beginning in common letters like S, or the concern that if this isn't just Hotmail... the number of all email accounts that could be vulnerable.
I mean seriously, if this was someone pulling from a database of all the people who fell for the phishing scheme, they could pull out a list by domain (@hotmail, @live, @live.uk, @msn) using SQL easily.
Still...**changes password**
Is that still around? Maaahahaa...
Most headlines sure don't reflect that.
Glad it's just a phishing scheme though, as well as sad that there's people still falling for something like that.
http://gs.gomessenger.net/
http://news.cnet.com/Hotmail-hit-by-new-round-of-problems/2100-1023_3-227776.html
Go do some reading, also if you have a Mac; it will block that site
And any browser with phishing detection will block that site, not just on Mac
What we need is truly aggressive prosecution, top to bottom, of every phishing and bot activity, instead of helping them by assuring people that only the stupid fall for phishing.
I have NEVER seen a specifically-targeted phish like the one "cerebral_but_dull" presented. And while I'm sure some do exist, they are a tiny tiny fraction of the phishes that are out there, and their number of victims has to be tiny as well, compared to "all phishing victims".
There are all sorts of mitigation tactics that are being used to address the issue, but if end-users continue to "click on anything" they get online or in email, if they continue to pass around rumors and chain-letters without any sort of fact-checking, if they continue to operate insecure computers without current patches, without current security tools, etc... then the problem will do nothing but get worse.
Microsoft is finally offering what I hear is a "decent" security tool ("Security Essentials") which is free of charge. Maybe that will have a positive impact due to all the [lazy | ignorant | cheapskates] who refuse to install or keep updated any other A/V or security tool.
You would think that if during the 20th century people finally learned some basic rules to keep alive (like looking before crossing train tracks, not drinking water out of ditches, etc.) that they would be able to learn in the 21st century certain no-brainers like not using the same password everywhere.
People may just be getting stupider and stupider.