Microsoft investigates Hotmail 'security breach of 10,000 accounts'
Thousands of passwords from the world’s most popular e-mail service have been stolen and posted online.
Hotmail’s owner, Microsoft, said that it was investigating how a hacker apparently accessed more than 10,000 accounts with addresses ending hotmail.com, msn.com and live.com. The details were posted on a site used by technology experts last week but have since been removed.
A Microsoft spokesman confirmed that the details were obtained as a result of a phishing scam. “We are working diligently to help customers regain control of their accounts,” he said.
Phishing is a process where members of the public are duped into handing over their personal details, such as user names, passwords and credit card details. Victims send the information by e-mail to people posing as banks or online stores.
Data can also be stolen by infecting a person’s personal computer with viruses and then raiding it for information.
Tom Warren, a writer on Neowin.net, the technology blog that first revealed the breach, said that most of the compromised Hotmail passwords were from Europe, suggesting that many British addresses could have been among those compromised.
Hotmail has more than 14 million users in Britain - around 5 million more than its closest rival, Yahoo! Mail - and about 28 per cent of the total users of webmail services, according to Nielsen figures.
Social networking sites such as Twitter were abuzz with the reports, with users advising each other to change their e-mail passwords immediately.
Microsoft is the latest in a long line of big organisations, from the UK Government to major banks, who have been faced with internet security breaches recently.
Earlier this year The Times revealed that around 4 million British identities had been stolen and made available on the web. Lucid Intelligence, a British company, had intercepted highly sensitive financial information, including credit card details, bank account numbers, telephone numbers and even PINs, all of which had been made available to the highest bidder.
In 2007 the personal and bank details of 25 million people — almost every child in the country, as well as their parents and carers — were lost by HM Revenue & Customs. The information went missing when two CDs containing the details were mislaid.
Last year a series of freedom of information requests revealed that the NHS had lost the confidential medical records and personal details of thousands of patients in a “catalogue of errors”.
Earlier this year HSBC, Europe’s biggest bank, was fined more than £3 million by the Financial Services Authority for the “careless” handling of confidential details of tens of thousands of its customers.
In a series of security failings the bank sent unencrypted private details via courier to third parties and left information lying on open shelves and in unlocked cabinets where it could have been lost or stolen, the FSA said.
Hackers expose Hotmail account passwords
October 6, 2009, 10:32 am
Microsoft has blocked access to thousands of Hotmail accounts in response to hackers plundering password information and posting it online.
Cyber-crooks evidently used "phishing" tactics to dupe users of Microsoft's free web-based email service into revealing account and access information, according to the US technology giant.
"We are aware that some Windows Live Hotmail customers' credentials were acquired illegally by a phishing scheme and exposed on a website," Microsoft said in response to an AFP inquiry.
"We have taken measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts."
Microsoft said it learned of the problem during the weekend after Hotmail account information of "several thousand" users, many of them reportedly in Europe, was posted at a website.
Phishing is an internet bane and involves using what hackers refer to as "social engineering" to trick people into revealing information online or downloading malicious software onto computers.
Phishing tactics include sending people tainted email attachments that promise enticing content such as sexy photos of celebrities and luring people to bogus log-in pages that are convincing replicas of legitimate websites.
"This was not a breach of internal Microsoft data," the Redmond, Washington-based technology firm said.
"Phishing is an industry-wide problem... exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and install and regularly update anti-virus software."
Microsoft is also advising Hotmail users to change their account passwords every 90 days.
Re: Microsoft investigates Hotmail 'security breach of 10,000 accounts'
It seems that not just Hotmail has been affected:
Quote:
Passwords for Google, Yahoo and Hotmail accounts illegally leaked online
Documents seen by CNET UK suggest thousands of usernames and passwords for Hotmail, Google and Yahoo accounts have been illegally posted to the Internet.
Login credentials for accounts ending with yahoo.com, hotmail.com, gmail.com, msn.com, live.com and hotmail.fr were seen. Users of these services are strongly encouraged to immediately change their passwords.
Usernames and passwords for Google's Gmail service could also provide hackers with access to users' YouTube, Blogger, Google Docs and Google Talk accounts, as these services are all owned by Google and often work under a single login ID.
We contacted Google, which acknowledged the leaked details and blames phishing attacks rather than insecurities within Google's system.
"We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for Web-based mail accounts including Gmail accounts," a Google spokesperson told CNET UK.
"As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them."
We also contacted Yahoo, a spokesperson for whom confirmed, "We are aware and are investigating."
Reports of leaked Hotmail account details first appeared on Neowin. Microsoft later confirmed the news, and announced that "as a result of our investigation we are taking measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts."
Once again, if you have email accounts with Google, Microsoft or Yahoo, you are strongly advised to change your password immediately.