Hotmail passwords leaked

Tuesday 06 October 2009 | By Heidi Scott, Gosh! Media Copywriter

Microsoft has today been forced to admit that thousands of Windows Live Hotmail passwords have been leaked on line. The news was originally broken on 1 October by technology blog Neowin and, since then, messages advising friends to change their passwords have been flying around Twitter and other social networks.

Apparently, Microsoft found out during the weekend that "several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site". That site was pastebin.com, commonly used by developers to share code, and the list reportedly contained the details over 10,000 accounts – mostly European and beginning with the letters A and B.

On learning of the security breach, Microsoft said that it had immediately requested that the credentials be removed and launched an investigation to determine the impact on its customers.

On its Windows Live blog today, Monday 5 October, the company says that users' credentials were stolen through what was likely to be "a phishing scheme" and the firm insists that what had happened was "not a breach of internal Microsoft data".

Microsoft says the company is working to help customers regain control of their accounts but does not confirm exactly how many users have been affected. The company is advising users who believe they were subject to attack by the phishing scheme to change their passwords immediately.

In its blog, Microsoft refers to phishing as "an industry-wide problem" and urges customers to "exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources", as well as advising users to install and regularly update anti-virus software. The company goes on to recommend that users renew their passwords for Windows Live IDs every 90 days.

Back to industry news