Thousands of Hotmail/win live passwords leaked online
- Thread starter _Jimlad_
- Start date
Soldato
I m .co.uk but I changed for the second time this month
don't really mention .co.uk accounts
don't really mention .co.uk accounts
Spread to GMAIL & YAHOO
Microsoft confirmed yesterday evening that the popular web email service, Hotmail, had been targeted by malicious fraudsters in what is commonly referred to as a phishing scam, tricking users into revealing their credentials at fake websites.
Neowin can today reveal that more lists are circulating with genuine account information and that over 20,000 accounts have now been compromised. Non-Hotmail passport accounts have been affected too. A new list contains email accounts for Gmail, Yahoo, Comcast, Earthlink and other third party popular web mail services. It's not clear if this is login information for the service itself or the Microsoft Passport passwords.
Microsoft confirmed Neowin's exclusive report yesterday evening and issued a statement on a company blog:
"Over the weekend Microsoft learned that several thousand Windows Live Hotmail customer's credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."
It's clear the lists are the result of a phishing scam and some commenters at Neowin suggest it could be the result of unwitting users sending their credentials to sites that name who has blocked you on popular instant messaging software Windows Live Messenger.
Neowin has once again reported the new lists to Microsoft's Security Response Center and can confirm that the lists originated from pastebin.com, a site commonly used by developers to share code snippets. Pastebin owner Paul Dixon confirmed that the site was down for maintenance due to "an unprecedented amount of traffic" after our initial reports. Dixon stated "Pastebin.com is just a fun side project for me, and today it's not fun. It will remain offline all day while I make some further modifications."
Update: The phishing attack has spread to Google Mail and Yahoo mail amongst others, we're currently awaiting full confirmation on the number of accounts at each service.
Microsoft confirmed yesterday evening that the popular web email service, Hotmail, had been targeted by malicious fraudsters in what is commonly referred to as a phishing scam, tricking users into revealing their credentials at fake websites.
Neowin can today reveal that more lists are circulating with genuine account information and that over 20,000 accounts have now been compromised. Non-Hotmail passport accounts have been affected too. A new list contains email accounts for Gmail, Yahoo, Comcast, Earthlink and other third party popular web mail services. It's not clear if this is login information for the service itself or the Microsoft Passport passwords.
Microsoft confirmed Neowin's exclusive report yesterday evening and issued a statement on a company blog:
"Over the weekend Microsoft learned that several thousand Windows Live Hotmail customer's credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."
It's clear the lists are the result of a phishing scam and some commenters at Neowin suggest it could be the result of unwitting users sending their credentials to sites that name who has blocked you on popular instant messaging software Windows Live Messenger.
Neowin has once again reported the new lists to Microsoft's Security Response Center and can confirm that the lists originated from pastebin.com, a site commonly used by developers to share code snippets. Pastebin owner Paul Dixon confirmed that the site was down for maintenance due to "an unprecedented amount of traffic" after our initial reports. Dixon stated "Pastebin.com is just a fun side project for me, and today it's not fun. It will remain offline all day while I make some further modifications."
Update: The phishing attack has spread to Google Mail and Yahoo mail amongst others, we're currently awaiting full confirmation on the number of accounts at each service.
Soldato
why do they spell it phishing and not fishing?
Actually what they are doing is more like pan handling than fishing scooping out tonnes of mails to find a nugget who is daft enough to click on the link.
The mail must have been pretty good though to beat hotmail's antispam and also fool people.
Actually what they are doing is more like pan handling than fishing scooping out tonnes of mails to find a nugget who is daft enough to click on the link.
The mail must have been pretty good though to beat hotmail's antispam and also fool people.
for making it out to be leaked passwords..
Soldato
leet speak, it's not just phishing either, phreaking is another one which springs to mind...
its good practice anyway
yeah but i have a **** memory so this will probably cost me my email account i na few weeks when i forget the password
yeah but i have a **** memory so this will probably cost me my email account i na few weeks when i forget the password
, work make us change passwords every 3 weeks and doing it on a friday is killer come monday morningCouldn't log in to my Yahoo account this morning and my iPhone also said invalid password. Changed it but I'm extremely worried. Did Yahoo disable it or has some scum already been in to my mail and read things. I didn't have any other messages from BT to report my password had been changed until I did so myself, and the messages are also sent to an external email address for security.
na they would surely change your password, just update your password and qestions