PDA

View Full Version : Microsoft Probes Hotmail Phishing Scam


MyRaider4Life
06-10-09, 11:30
Microsoft says the details of several thousand Hotmail accounts were illegally posted online as the result of a phishing scam.

On its Windows Live blog, Microsoft says it has since taken steps to block access to the accounts that were exposed and is helping users regain control of them. Microsoft says when it learnt about the problem on the weekend, it immediately requested the information be removed from the site. The security breach was reported on a technology blog which stated that 10,000 accounts were affected - mainly in Europe. Microsoft recommends email users change passwords every 90 days and regularly update anti-virus software.

Sorry, I forgot to get the link for this website.


http://im.rediff.com/money/2009/oct/hotmail1.jpg

Thousands of Microsoft's Hotmail accounts have been hacked in Britain after login details of more than 10,000 accounts appeared briefly on a web-site.

Thought to be result of a phishing attack the list of around 10,000 Microsoft Hotmail, Windows Live and MSN accounts were posted on Monday on technology website Neowin.net by an anonymous user, Daily Telegraph reported.

Neowin said the details appeared legitimate and most of the accounts exposed by the leak belonged to European web users.

Microsoft on Tuesday confirmed the phishing attack against users of the popular email service. But said in a statement that the culprit had not breached its security but had fooled e-mail users into handing over their details by creating an identical Hotmail website.

"Over the weekend, Microsoft learned that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site due to a likely phishing scheme," it said, according media reports.

Users of Hotmail, Windows Live and MSN email accounts are advised to change their passwords and security questions immediately to block unauthorised access to accounts.

Hotmail is the largest web-based email service in the world, boasting an estimated 500 million users, with 14 million in the UK alone.

Link: http://business.rediff.com/report/2009/oct/06/tech-hackers-post-thousands-of-hotmail-account-passwords-online.htm
__________________________________________________ __________________________________________________ ______________________


So I would say not to add anyone you don't think you know, and stay alert. Also tell your friends.
Hopefully my email is not on the internet.

jamieoliver22
06-10-09, 11:37
You can still find a number usernames/passwords on the net, on the same site that it was uploaded to: http://pastebin.ca/1596417

Worth a check to see if any of your emails are on there, and if so - make sure you change your password ASAP.

Most of this is down to the users fault though, but typing their details into other websites (like the famous block checker websites) and not checking when they log into phishing websites.

Johnnay
06-10-09, 11:49
Is that website legal jamieoliver

I mean you found a site with passwords and hotmail addresses what will happen if someone here from trf hacks into one if those accounts:)

jamieoliver22
06-10-09, 12:16
Is that website legal jamieoliver

I mean you found a site with passwords and hotmail addresses what will happen if someone here from trf hacks into one if those accounts:)

The website is legal, and is meantioned on many articles about it. I found the link from an article I read this morning, and doesn't take two seconds to find them.

And it wouldn't be 'hacking' in the slightest. I posted so people could see if their email addresses are on there, and no doubt will be removed soon.

The usernames have spead like wildfire on the net, so if your username is on the list (or even if it isn't), you need to make sure that all passwords are chaged! It was originally posted on http://www.pastebin.com/ also, which has since been battered with excessive traffic.

touchthesky
06-10-09, 12:21
I am checking if mine was on the list...but it only shows you so many?

jamieoliver22
06-10-09, 12:22
I am checking if mine was on the list...but it only shows you so many?

It is only a list from A-B, the rest have since dissapeared.

Maybe it's time that everyone switched to Gmail? It is much better afterall...

Larson_1988
06-10-09, 12:22
I took the liberty to check if one of my email adresses were on there, fortunately not. :)

touchthesky
06-10-09, 12:23
It is only a list from A-B, the rest have since dissapeared.

Lame. Am gonna change my password anywhoo...just incase.

:o

Let me know if you get a link with them all, because..well..my boyfriends debit card details were hacked yesterday (someone bought stuff with his card) and this COULD be the problem!

irjudd
06-10-09, 15:05
Gmail and Yahoo (http://www.tomshardware.com/news/Gmail-Yahoo-Hotmail-Attack-phishing,8796.html) are also hit by this.

Draco
06-10-09, 15:07
There is no way to keep even your most secret email address safe if you do anything on the internet using it.

Encore
06-10-09, 16:17
It is only a list from A-B, the rest have since dissapeared.

Maybe it's time that everyone switched to Gmail? It is much better afterall...

TBH the only reason I have a hotmail account is because I created it for MSN Messenger long time ago (I think you can use other accounts for it but at the time I didn't know). I'm sure many people (uneducated on these matters, like me) end up in the same situation.

irjudd
06-10-09, 16:35
I prefer Live Mail because of the way that my webmail, email client and mobile phone email all stay synced automatically; if a change is made in one it is immediately reflected in the others as well. Is that something Gmail can do? I haven't looked into it much.

jamieoliver22
06-10-09, 19:35
I prefer Live Mail because of the way that my webmail, email client and mobile phone email all stay synced automatically; if a change is made in one it is immediately reflected in the others as well. Is that something Gmail can do? I haven't looked into it much.

Surely any email is capable with POP3, and the client set to automatically retrieve?

And yes, I believe so. I do use the POP function of Gmail for my laptop, desktop and phone (not that I use my phone email often).

irjudd
06-10-09, 19:37
No I don't mean just automatic retrieval, more like anything you do is immediately synced between all devices. Say you make a new folder and move some emails to it on your webmail, then the phone and email client will reflect that change right away. Is this what you're talking about too?

Ward Dragon
06-10-09, 22:50
So basically if I understand the article correctly, if I have only ever typed my e-mail and password into the main hotmail site I should be safe from this particular phishing attempt. Is that right? :)