Security Bytes

Oct 6 2009   3:03PM GMT

Massive phishing scheme affects Microsoft Hotmail accounts



Posted by: Robert Westervelt
Tags:
Phishing
webmail security

Hotmail passwords stolen; Gmail, Yahoo affected as well.

Microsoft is blaming a highly successful phishing scheme for pilfering thousands of passwords to Microsoft Hotmail Live email account holders. In a blog posting, Microsoft said the Hotmail credentials were stolen over the weekend and posted to a third party website. In an update it said it was working to block access to exposed accounts.

Microsoft has set up a process for affected account holders to reclaim their Hotmail account.

Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.

According to a report by Neowin.net, an anonymous user posted details of the phished account credentials Oct. 1 at pastebin.com, a site commonly used by developers to share code snippets. The list contained information on more than 10,000 accounts, according to the report.

An updated Neowin report found other webmail services affected as well including Comcast, Earthlink account holders.

Attackers have been stealing credentials to webmail accounts for years. The accounts are targeted to steal information or to be used as a platform to set up spamming runs before the accounts are identified and shut down by the email provider. If anything the message here is to get into the habit of regularly changing your passwords.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: