Thousands of Hotmail/win live passwords leaked online

[_Jimlad_]

might wanna change your password if you have a hotmail/live account


Neowin has received information regarding a possible Windows Live Hotmail "hack" or phishing scheme where password details of thousands of Hotmail accounts have been posted online.

An anonymous user posted details of the accounts on October 1 at pastebin.com, a site commonly used by developers to share code snippets. The details have since been removed but Neowin has seen part of the list posted and can confirm the accounts are genuine and most appear to be based in Europe. The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists. Currently it appears only accounts used to access Microsoft's Windows Live Hotmail have been posted, this includes @hotmail.com, @msn.com and @live.com accounts.

Neowin has reported this immediately to Microsoft' Security center and to Microsoft's PR teams in the UK and US and we are currently awaiting feedback on the situation. As this is a breaking story please check back frequently as the story will be updated as soon as more information becomes available.

If you are a Windows Live Hotmail user we recommend that you change your password and security question immediately.

http://www.neowin.net/news/main/09/10/05/thousands-of-hotmail-passwords-leaked-online

Hit the BBC now...

http://news.bbc.co.uk/2/hi/technology/8291268.stm

 

[_Jimlad_]

don't flame me, just worth noting i guess and maybe consider changing if you feel the need, i know this happens a lot but its been mentioned on a few could IT sites so i'm taking note

 

[_Jimlad_]

If it's phished only then I would imagine us lot are safe but it doesn't say in the op for definite if it was just a phishing scam or if it was a database hack. In this instance, even though my hotmail account is used purely for spam purposes (ie the receival, not generation of), I think I'll play it safe and change my password.

there is a link which might have more info

 

[_Jimlad_]

also if you have a hotmail account this is the time to switch to the daddy go gmail...

 

[_Jimlad_]

Googling your email address would be a good place to start.

lol

 

[_Jimlad_]

I would do if I could actually get a gmail account now. Unfortunately it seems you're only allowed @googlemail.com now.

well there are plenty of ways around that my friend, after all you need to do is make google think your not in the UK,

http://www.google.co.uk/#hl=en&sour...=&aq=2&oq=how+to+get+a+gm&fp=55b1114b05e94ce9

You can still use the "@gmail.com" extension with a "@googlemail.com" account I think

yeah you do, but when you mail people it comes from that and does not look as cool

 

[_Jimlad_]

You still can get a gmail account. I just checked.

you have to fool the system into thinking you are out side of the uk, i signed my gf up for one while i was in Slovakia and used a proxy avoidance site for another one

 

[_Jimlad_]

Spread to GMAIL & YAHOO

Microsoft confirmed yesterday evening that the popular web email service, Hotmail, had been targeted by malicious fraudsters in what is commonly referred to as a phishing scam, tricking users into revealing their credentials at fake websites.

Neowin can today reveal that more lists are circulating with genuine account information and that over 20,000 accounts have now been compromised. Non-Hotmail passport accounts have been affected too. A new list contains email accounts for Gmail, Yahoo, Comcast, Earthlink and other third party popular web mail services. It's not clear if this is login information for the service itself or the Microsoft Passport passwords.

Microsoft confirmed Neowin's exclusive report yesterday evening and issued a statement on a company blog:

"Over the weekend Microsoft learned that several thousand Windows Live Hotmail customer's credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."

It's clear the lists are the result of a phishing scam and some commenters at Neowin suggest it could be the result of unwitting users sending their credentials to sites that name who has blocked you on popular instant messaging software Windows Live Messenger.

Neowin has once again reported the new lists to Microsoft's Security Response Center and can confirm that the lists originated from pastebin.com, a site commonly used by developers to share code snippets. Pastebin owner Paul Dixon confirmed that the site was down for maintenance due to "an unprecedented amount of traffic" after our initial reports. Dixon stated "Pastebin.com is just a fun side project for me, and today it's not fun. It will remain offline all day while I make some further modifications."

Update: The phishing attack has spread to Google Mail and Yahoo mail amongst others, we're currently awaiting full confirmation on the number of accounts at each service.

 

[_Jimlad_]

Kindda wish I'd read that is was a phishing thing before i bothered changing my pw :/

its good practice anyway

 

[_Jimlad_]

yeah but i have a **** memory so this will probably cost me my email account i na few weeks when i forget the password

, work make us change passwords every 3 weeks and doing it on a friday is killer come monday morning

 

[_Jimlad_]

Couldn't log in to my Yahoo account this morning and my iPhone also said invalid password. Changed it but I'm extremely worried. Did Yahoo disable it or has some scum already been in to my mail and read things. I didn't have any other messages from BT to report my password had been changed until I did so myself, and the messages are also sent to an external email address for security.

na they would surely change your password, just update your password and qestions