Posted by: Robert Westervelt
Phishing, webmail security
Hotmail passwords stolen; Gmail, Yahoo affected as well.
Microsoft is blaming a highly successful phishing scheme for pilfering thousands of passwords to Microsoft Hotmail Live email account holders. In a blog posting, Microsoft said the Hotmail credentials were stolen over the weekend and posted to a third party website. In an update it said it was working to block access to exposed accounts.
Microsoft has set up a process for affected account holders to reclaim their Hotmail account.
Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.
According to a report by Neowin.net, an anonymous user posted details of the phished account credentials Oct. 1 at pastebin.com, a site commonly used by developers to share code snippets. The list contained information on more than 10,000 accounts, according to the report.
An updated Neowin report found other webmail services affected as well including Comcast, Earthlink account holders.
Attackers have been stealing credentials to webmail accounts for years. The accounts are targeted to steal information or to be used as a platform to set up spamming runs before the accounts are identified and shut down by the email provider. If anything the message here is to get into the habit of regularly changing your passwords.