Tech website Neowin has received information regarding a possible Windows Live Hotmail "hack" or phishing scheme where password details of thousands of Hotmail accounts have been posted online. An anonymous user posted details of the accounts on October 1 at pastebin.com, a site commonly used by developers to share code snippets. The details have since been removed but Neowin has seen part of the list posted and can confirm the accounts are genuine and most appear to be based in Europe. The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists. Currently it appears only accounts used to access Microsoft's Windows Live Hotmail have been posted, this includes @hotmail.com, @msn.com and @live.com accounts. This has reported this immediately to Microsoft's Security Response Center and to Microsoft's PR teams in the UK and US and we are currently awaiting feedback on the situation. As this is a breaking story please check back frequently as the story will be updated as soon as more information becomes available. According to BBC News, Microsoft is currently "investigating the situation and will take appropriate steps as rapidly as possible."
It does make me wonder if I should change my password, however it could be people who have been on dodgy websites and of pc’s full of spyware.
Probably just people with PC's full of spyware but it wouldn't do any harm to change it just incase. Think I will just to be on the safe side. Thanks for bringing this to my attention!
Indeed, its rather stupid how the major news sites including BBC news have been talking about this, they even had it on BBC 1 today with there technical expert (whos an idiot). Phishing scams have gone on for years and happened for years, this isnt some breaking news or anything major.
At first it sounded like someone could have exploited a vulnerability in the windows live signin system, the more I hear about it this it just sounds like people have signed in to hotmail or whatever on pc’s full of spyware or fallen for phishing scams.
Most likely the last, as phishing mail has always been a succesfull way for 'hackers' to get valuable material without too much time and effort. The only way to 'solve' the issue is to inform users with good security guidelines before and under using the Hotmail service, which is exactly what Microsoft (and Google) is already doing. So even if the press wants to freak out on them once again, they'd better understand that not just Microsoft but everybody, especially them since the press is a close informative source, could help informing internet users of what to trust and what not.