BBC News has seen a list of more than 10,000 e-mail accounts and passwords which had been posted online.
The software giant, which owns the web-based e-mail system, said that it "had launched an investigation".
Phishing involves using fake websites to lure people into revealing personal details such as bank accounts or login names and other private data.
"We are aware that some Windows Live Hotmail customers' credentials were acquired illegally and exposed on a website," said a Microsoft spokesperson.
"Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers."
Quick change
Graham Cluley, consultant at security firm Sophos, told BBC News the published list may just be a subset of a longer list of compromised accounts.
"We still don't know the scale of the problem," he told BBC News.
Technology blog Neowin was the first to publish details of the attack. It said the accounts were posted on 1 October to Pastebin, a website commonly used by developers to share code.
Although the details have since been removed, BBC News and Neowin have seen a list of 10,028 names beginning with the letters A and B.
BBC News has confirmed that the accounts are genuine and predominantly originate in Europe.
The list included details of Microsoft's Windows Live Hotmail accounts with email addresses ending hotmail.com, msn.com and live.com.
Mr Cluley advised Hotmail users to change their password as soon as possible.
"I'd also recommend that people change the password on any other site where they use it," he said.
Around 40% of people use the same password for every website they use, he added.
Hotmail is currently the largest web-based e-mail service.
Neowin says:
An anonymous user posted details of the accounts on October 1 at PasteBin, a site commonly used by developers to share code snippets. The details have since been removed but Neowin has seen part of the list posted and can confirm the accounts are genuine and most appear to be based in Europe. The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists. Currently it appears only accounts used to access Microsoft's Windows Live Hotmail have been posted; this includes @hotmail.com, @msn.com and @live.com accounts.
Neowin has reported this immediately to Microsoft's Security Response Center and to Microsoft's PR teams in the UK and US and we are currently awaiting feedback on the situation. As this is a breaking story please check back frequently as the story will be updated as soon as more information becomes available.
If you are a Windows Live Hotmail user, rock-viz-us recommends that you change your password and security question immediately.