UPDATE: Gmail, Yahoo Mail and three other email services have been affected too, and the number of leaked accounts is closer to 30,000. Full report here.
If you have a Hotmail or Windows Live account, you had better go check it right away. Hackers have managed to get a hold of thousands of Hotmail passwords and posted it online, so we strongly suggest you first log in to your account and change the password before doing anything else right now.
Neowin is reporting that a phishing scheme has managed to get a lot of those passwords, and an anonymous user posted details of the accounts on October 1 at code-sharing site PasteBin. And that huge list of over 10,000 accounts amounts for only those between the letters A and B!
“The details have since been removed but Neowin has seen part of the list posted and can confirm the accounts are genuine and most appear to be based in Europe. The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists. Currently it appears only accounts used to access Microsoft’s Windows Live Hotmail have been posted, this includes @hotmail.com, @msn.com and @live.com accounts,” the site reports.
Meanwhile, Microsoft has confirmed the event and launched its own investigation in the matter, and quickly washed its hands off the matter saying that it wasn’t an internal leak.
The company also issued a few security measures for Hotmail users:
- Renew their passwords for Windows Live IDs every 90 days
- For administrators, make sure you approve and authenticate only users that you know and can verify credentials
- As phishing sites can also pose additional threats, please install and keep anti-virus software up to date
It’s quite a distressing tale, but in the end, reminds us of the many reasons we shifted to Google’s email service. We would rather have our Gmail being inaccessible for a couple of hours than face the risk of losing all our private data altogether!