Truesee's Daily Wonder

Truesee presents the weird, wild, wacky and world news of the day.

Monday, October 5, 2009

 

Hotmail passwords leaked online

Hotmail passwords leaked online

The email accounts of thousands of users of Microsoft's Hotmail email service have been compromised after passwords and account addresses were posted on the internet.

 

Claudine Beaumont

Technology Editor
5:33PM BST 05 Oct 2009

Computer hacker: Hackers hijack 1.9 million computers worldwide A list of around 10,000 Hotmail passwords has been leaked online Photo: CLARE KENDALL

The login details of more than 10,000 accounts briefly appeared on a web-site used by computer programers.

The list included only addresses starting with A and B, raising fears that more could appear online in the coming days, potentially exposing tens of thousands more Hotmail users.

According to technology website Neowin.net, an anonymous user posted details of around 10,000 Microsoft Hotmail, Windows Live and MSN accounts on Pastebin.com, an online forum used by developers to share snippets of programming code. Neowin said the details appeared legitimate, and that most of the accounts exposed by the leak belonged to European web users.

The source of the leak remains unknown, but it seems likely that the details were collected as the result of "phishing" scams, which use fake websites to trick people in to revealing personal details, such as account login information, believing they are on a legitimate site.

Microsoft said that it had been made aware of the problem.

"We're actively investigating the situation and will take appropriate steps as rapidly as possible," said Microsoft in a statement. "Microsoft is committed to protecting the privacy of our customers, and believe they deserve to have their personal data used only in ways they have agreed to, and in ways that provide value to them."

Users of Hotmail, Windows Live and MSN email accounts are advised to change their passwords and security questions immediately, in order to block unauthorised access to accounts. There are fears that hackers or cybercriminals could use these email accounts to gain access to sensitive or personal information, or to log on to online bank accounts and shopping websites to make fraudulent transactions. Many internet users use the same password details for multiple accounts.

"It's unclear at this stage whether the cause of the leak is phishing attacks or some kind of attack on Microsoft's servers," said Carole Theriault, a senior security consultant with Sophos. "These things do happen, and people shouldn't panic, but we recommend taking some practical steps. If they have a Hotmail, MSN or Live email addres, they should change their account password and security question."

Hotmail is the largest web-based email service in the world, boasting an estimated 500 million users, with 14 million in the UK alone. The password leak comes at the start of a busy month for Microsoft, with the company launching its new computer operating system, Windows 7, on October 22. It also recently unveiled Microsoft Security Essentials, a suite of security software designed to help protect internet users against malicious software, trojans and viruses.

Lukas Oberhuber, chief technical officer at Forward Internet Group, said the leak looked like the result of a phishing attack. "Those sorts of attacks are almost impossible to defend against," he said. "They are becoming increasingly sophisticated.

"It's hard to say at this stage what the motivation was for posting the list online. Was the person responsible simply trying to prove that it could be done?"

Mr Oberhuber said that one indication that an account had been compromised might be if the user receives a number of emails saying that they had requested other account password reminders.

"Hotmail is not the first web email service to be hacked in this manner, and it won't be the last," he said.

A report earlier this year from Lucid Intelligence estimated that the identities of around four million Britons had been stolen and made available online to the highest bidder, while ast week, users of Twitter, the microblogging site, were targeted in a phishing scam. Clicking on a link received in a direct message re-directed unsuspecting Twitter users to a fake webpage that prompted them to enter their username and password details, and then harvested that information to hack accounts.

And the Yahoo! email account of Sarah Palin, the former US vice-presidential candidate, was famously hacked last year by an internet user who guessed the then Alaskan governor's password using readily available biographical information found online.


Comments: Post a Comment

<< Home

Archives

June 2021   May 2021   April 2021   March 2021   February 2021   January 2021   December 2020   November 2020   October 2020   September 2020   August 2020   July 2020   June 2020   May 2020   April 2020   March 2020   February 2020   January 2020   December 2019   November 2019   October 2019   September 2019   August 2019   July 2019   June 2019   May 2019   April 2019   March 2019   February 2019   January 2019   December 2018   November 2018   October 2018   September 2018   August 2018   July 2018   June 2018   May 2018   April 2018   March 2018   February 2018   January 2018   December 2017   November 2017   October 2017   September 2017   August 2017   July 2017   June 2017   May 2017   April 2017   March 2017   February 2017   January 2017   December 2016   November 2016   October 2016   September 2016   August 2016   July 2016   June 2016   May 2016   April 2016   March 2016   February 2016   January 2016   December 2015   November 2015   October 2015   September 2015   August 2015   July 2015   June 2015   May 2015   April 2015   March 2015   February 2015   January 2015   December 2014   November 2014   October 2014   September 2014   August 2014   July 2014   June 2014   May 2014   April 2014   March 2014   February 2014   January 2014   December 2013   November 2013   October 2013   September 2013   August 2013   July 2013   June 2013   May 2013   April 2013   March 2013   February 2013   January 2013   December 2012   November 2012   October 2012   September 2012   August 2012   July 2012   June 2012   May 2012   April 2012   March 2012   February 2012   January 2012   December 2011   November 2011   October 2011   September 2011   August 2011   July 2011   June 2011   May 2011   April 2011   March 2011   February 2011   January 2011   December 2010   November 2010   October 2010   September 2010   August 2010   July 2010   June 2010   May 2010   April 2010   March 2010   February 2010   January 2010   December 2009   November 2009   October 2009   September 2009   August 2009   July 2009   June 2009   May 2009   April 2009   March 2009   February 2009   January 2009   December 2008  

Powered by Lottery PostSyndicated RSS FeedSubscribe