Oh snap: Thousands of Hotmail passwords leaked online. [Update]

by Mike
Posted October 5th, 2009 at 9:23 am

**Update 4: Looks like this just became everybody’s problem. Read more here…

If you pride yourself on being a Windows-based (@hotmail.com, @msn.com and @live.com) email user, now’s the time to possibly think about changing your password. You see, an anonymous user at Pastebin.com (a site that allows developers to share code) apparently uploaded the passwords of thousands of Hotmail users on October 1st. Not exactly great news to start your Monday morning to, I know. Naturally staying on the up and up, Pastebin has already removed the content in question and forwarded a hail mary holy hell to Microsoft for further review. So far the count is right up around 10,000 breached accounts, though the list was named “A through to B”, meaning there could be more lists out there. Repeat: all Microsoft email domains (@hotmail.com, @msn.com and @live.com accounts) are affected. Again, now would be a very opportune moment to change your password. We are waiting to hear back from Big M themselves, so stay tuned for more details, folks.

**To clarify, it’s account names and passwords that were leaked.

Update: We’re still waiting on anything from Microsoft themselves; however, BBC has a rather decent read on the issue at hand and has had contact with Microsoft, who have stated that they “are working as rapidly as possible on the subject” and of course are encouraging users to change their passwords. Anyone care to chime in?

Update 2: A Microsoft PR employee responded to an email I sent, though no new details were given except the usual “I’m talking to my colleagues…will get back to you with more info soon”. So…here we wait. Stay tuned.
Neowin > BBC

Update 3: Just received a more in-depth response from a Microsoft spokesperson who rehashed most of what we’ve seen so far:

“Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site due to a phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.

Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience. Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software.”

Microsoft recommends customers use the following protective security measures:
• Renew their passwords for LIVE-IDs every 90 days
• For administrators, make sure you approve and authenticate only users that you know and can verify credentials
• As phishing sites can also pose additional threats, install and keep anti-virus software up to date

We’ll continue to follow the story to see if anything else interesting comes up.
