Massive phishing scheme affects Microsoft Hotmail accounts - Security Bytes
Oct 6 2009   3:03PM GMT

Posted by: Robert Westervelt
Phishing, webmail security

Hotmail passwords stolen; Gmail, Yahoo affected as well.

Microsoft is blaming a highly successful phishing scheme for the theft of thousands of passwords belonging to Microsoft Hotmail Live email account holders. In a blog posting, Microsoft said the Hotmail credentials were stolen over the weekend and posted to a third-party website. In an update, it said it was working to block access to the exposed accounts.

Microsoft has set up a process for affected account holders to reclaim their Hotmail account.

Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.

According to a report by Neowin.net, an anonymous user posted details of the phished account credentials Oct. 1 at pastebin.com, a site commonly used by developers to share code snippets. The list contained information on more than 10,000 accounts, according to the report.

An updated Neowin report found other webmail services affected as well, including Comcast and Earthlink accounts.

Attackers have been stealing webmail credentials for years. Compromised accounts are mined for the information they hold or used as a platform for spam runs until the email provider identifies and shuts them down. If anything, the message here is to get into the habit of regularly changing your passwords, and to change a password immediately if you suspect you have typed it into a phishing page.
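When a list like the one posted to pastebin appears, the first job for anyone running a mail service or a corporate directory is triage: parse the dump, work out which providers are represented, find the addresses you are responsible for so those accounts can be reset, and note how weak or reused the exposed passwords are. The script below is an added example and is not part of the original post or of anything Microsoft or Neowin published; the credential lines in it are constructed, not taken from the real dump, and the "email:password, one per line, with some noise" format is an assumption about how such pastes typically look.

```python
"""Triage a leaked webmail credential list (constructed example, not the real dump)."""
from collections import Counter
import re

# Constructed sample in the assumed "email:password" format. Includes a duplicate
# entry, a line with no credential, and a line with no password, as real pastes do.
LEAK = """\
alice.w@hotmail.com:Summer09
bob_h@hotmail.com:hannahmontana
carol@live.com:123456
dave.k@gmail.com:qwerty123
erin@yahoo.com:Summer09
frank@comcast.net:password
grace@earthlink.net:zacefron1
alice.w@hotmail.com:Summer09
not a credential line
heidi@hotmail.com
ivan@example.org:Correct-Horse-Battery
"""

# A plausible local part and domain, a colon, then a non-empty password.
LINE_RE = re.compile(r"^([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}):(.+)$")

# Tiny stand-in for a real common-password wordlist (assumption, for illustration).
COMMON_PASSWORDS = {"123456", "password", "qwerty123", "abc123", "iloveyou"}


def parse_leak(text):
    """Return (credentials, skipped): a list of unique (email, password) tuples,
    de-duplicated case-insensitively on the address, and the number of lines
    that did not match the expected format."""
    seen = set()
    creds = []
    skipped = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        email, password = m.group(1).lower(), m.group(2)
        if email in seen:
            continue
        seen.add(email)
        creds.append((email, password))
    return creds, skipped


def accounts_by_provider(creds):
    """Count unique accounts per mail domain: which providers are affected?"""
    return Counter(email.rsplit("@", 1)[1] for email, _ in creds)


def affected_users(creds, our_domains):
    """Leaked addresses under domains we administer; these get a forced reset."""
    return sorted(e for e, _ in creds if e.rsplit("@", 1)[1] in our_domains)


def weak_passwords(creds, wordlist=COMMON_PASSWORDS):
    """Passwords on the common-password list, plus any value that appears on
    more than one account in the dump (reuse is itself a risk signal)."""
    by_pw = Counter(pw for _, pw in creds)
    return {pw for _, pw in creds if pw in wordlist or by_pw[pw] > 1}


if __name__ == "__main__":
    creds, skipped = parse_leak(LEAK)
    print(f"{len(creds)} unique accounts, {skipped} unparseable lines")
    for domain, n in accounts_by_provider(creds).most_common():
        print(f"  {domain:15} {n}")
    print("our users to reset:", affected_users(creds, {"example.org"}))
    print("weak/reused passwords:", sorted(weak_passwords(creds)))
```

On the constructed sample this reports 8 unique accounts and 2 unparseable lines, two of them on hotmail.com, one address under example.org to reset, and four weak or reused passwords. In practice you would feed the real paste in place of LEAK, swap COMMON_PASSWORDS for a proper wordlist, and never store the plaintext passwords beyond the triage run.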

Comment on this Post

BethJones  |   Oct 7 2009   5:41PM GMT

Bear in mind this wasn’t a single phishing attack. It was more than likely a multi-vectored attack, using email phishing, keylogging botnets and rogue social network applications. We at Sophos have seen indications of this, given the number of “fake” email addresses, as well as a list of “kid culture” passwords. See our blog posts:

 http://www.sophos.com/blogs/sophoslabs/v/post/6719
 http://www.sophos.com/blogs/chetw/g/2009/10/06/hotmail-heist-update-release/

The rogue applications are definitely worth noting. While people may be wiser to email phishing attacks, social media sites are much newer, so the trust factor is still high. Remember what the trust factor was like in the 1990's with email? I am on several of the social media sites and I see rogue applications that are collecting email addresses and passwords at least a couple of times a month. The whole "If you liked this application, send it to your friends" is really a phishing attack - it asks for your email address and password to "send" to your friends. The phishers then have your information.

We here at Sophos also saw in the list a lot of kid culture passwords, which lends credence to the multi-vectored attack. An email phish wouldn't work on a small child, but a "send this application to your friends" would.

Another point worth noting is that this isn't the fault of the email providers. Their technology wasn't in use at the time of the attack. Someone entered the credentials. It would be just like handing them over to a stranger in the street. No tech from Google, Hotmail, etc. would be in use there either.