Hotmail Phishing Attack: Time To Change Passwords - gHacks Tech News

Hotmail Phishing Attack: Time To Change Passwords

Microsoft confirmed recently that thousands of Windows Live Hotmail customer's credentials were exposed on a third-party website. According to Neowin, the account information was posted by an anonymous user at the Pastebin website.

The list that was posted contains over 10.000 account details of accounts starting with the letters A and B which suggests that additional lists may be in the hands of the third-party.

Initial investigations suggest that only accounts used to access Windows Live Hotmail were affected (which includes email accounts ending with hotmail.com, msn.com or live.com).

Microsoft determined that the attack was not a breach of internal Microsoft data and believes that the account data was gained by a phishing attack. Phishing attacks are common ways these days to lure users into entering their account data on websites that look like the real deal but are not.

It is often the case that users are redirected to the "real" website after they have entered the data on phishing sites so that they do not suspect any foul play as everything works as intended with the exception of having to enter the account credentials again.

Hotmail users are encouraged to immediately change their account password to protect the account from unauthorized access. It is furthermore recommended to change the account password on other websites if the same password was used for accounts there as well.

A good tool that can help users create and use secure passwords is the Last Pass extension which is available for Firefox, Internet Explorer and Google Chrome.

The most recent update confirms that more than 20,000 accounts are affected and that the list includes non-Hotmail accounts as well.

If you believe that your account may be affected, then it is suggested that you act immediately and change your account password on all accounts that may be affected by it, including those where you are using the same account password and username.

One of the best ways to protect your online accounts against phishing attacks is to use a password manager. You use it to generate a unique password for each service and need to remember only the master password to unlock the encrypted password database.

Update: We have published a follow-up article that provides an analysis of the leaked passwords.

Summary
Article Name
Hotmail Phishing Attack: Time To Change Passwords
Description
Microsoft confirmed recently that thousands of Windows Live Hotmail customer's credentials were exposed on a third-party website.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. HNicolai said on October 5, 2009 at 11:51 pm
    Reply

    WOW, 10.000 stupid users with a mail starting with “A” or “B”.
    Damn, maybe it would be a good idea to start phishing?

    I mean, I thought that those scammer was some stupid kid/guy with too much free-time, but if there exist that many stupid people it might be a nice business plan to scam?

    No, don’t worry, Im one of the “good guys” :P

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.