UPDATE: Gmail, Yahoo Mail and three other email services have been affected too, and the number of leaked accounts is closer to 30,000. Full report at the end of the article.
If you have a Hotmail or Windows Live account, you had better go check it right away. Hackers have managed to get a hold of thousands of Hotmail passwords and posted them online, so we strongly suggest you first log in to your account and change the password before doing anything else right now.
Neowin is reporting that a phishing scheme has managed to get a lot of those passwords, and an anonymous user posted details of the accounts on October 1 at code-sharing site PasteBin. And that huge list of over 10,000 accounts covers only those between the letters A and B!
“The details have since been removed but Neowin has seen part of the list posted and can confirm the accounts are genuine and most appear to be based in Europe. The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists. Currently it appears only accounts used to access Microsoft’s Windows Live Hotmail have been posted, this includes @hotmail.com, @msn.com and @live.com accounts,” the site reports.
Meanwhile, Microsoft has confirmed the event and launched its own investigation into the matter, and quickly washed its hands of it, saying that it wasn’t an internal leak.
The company also issued a few security measures for Hotmail users:
Renew their passwords for Windows Live IDs every 90 days
For administrators, make sure you approve and authenticate only users that you know and can verify credentials
As phishing sites can also pose additional threats, please install and keep anti-virus software up to date
It’s quite a distressing tale, but in the end, it reminds us of the many reasons we shifted to Google’s email service. We would rather have our Gmail being inaccessible for a couple of hours than face the risk of losing all our private data altogether!
UPDATE: Gmail, Yahoo Mail and three other email services have been affected too, and the number of leaked accounts is closer to 30,000.
Remember when the Hotmail passwords leaked yesterday and we spoke highly of how Gmail, even with its server outages, gives us peace of mind when it comes to security? Yeah, so we’re going to need some ketchup and fries to go with these delicious feet in our mouth.
The BBC is reporting that it has in its possession the same controversial lists of leaked accounts, with the number going over 30,000. And yes, Hotmail isn’t the only email service affected by the scam as the lists also included Gmail, Yahoo Mail, AOL, Comcast and Earthlink accounts.
Neowin, which first broke the news of the scam, reported that it had cross-checked the lists – which have now been taken down from their original postings at PasteBin – with the BBC and can confirm that they’re the same.
For its part, a Google spokesperson has said that fewer than 500 of its email service accounts were affected and that the phishing scam did not involve a breach of Gmail security.
In a very carefully worded and completely ambiguous statement, the spokesperson told BBC News: “We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail accounts. As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.”
By all accounts, it’s unclear when Google detected the problem and fixed it; but the ambiguous statement does raise a few eyebrows. After all, if they had managed to do it before the lists leaked, wouldn’t they want to stress that point?
Still, to the company’s credit, they did find a third list of phished accounts, but have yet to disclose how many of those are Gmail, Hotmail, or anything else.
Both Google and Microsoft have issued measures for stronger passwords and anti-phishing security, which users would be advised to read. Meanwhile, we’re going to change our passwords, just in case…
Sources: Neowin, Microsoft thinkdigit
It's great news about Hack the number of Email id by the Hackers and it's very interesting articles..
Thanks for sharing with us..