Hotmail accounts 'posted online'

[Lite]

Thousands of hotmail passwords have been hacked and posted online, according to reports.

Microsoft, which owns the popular web-based email system, told BBC News that it was aware of the claims and that it was "investigating the situation".

A report on technology blog neowin.net said that the details of "over 10,000" accounts had been posted to a website.

The blog suggested the accounts had been hacked or had been collected as part of a phishing scheme.

Phishing involves using fake websites to lure people into revealing personal details such as bank accounts or login names and passwords.

'Rapid response'

Neowin claims the details were posted on 01 October to pastebin.com, a website commonly used by developers to share code.

Although the details have since been removed, the website said it had seen part of the list.

"[We] can confirm the accounts are genuine and most appear to be based in Europe," Tom Warren, a neowin blogger, wrote on the site.

He said that the list included details of Microsoft's Windows Live Hotmail accounts with email addresses ending hotmail.com, msn.com and live.com.

Microsoft said it had "been made aware of the claims that Windows Live IDs and passwords have been made available on the web".

"We're actively investigating the situation and will take appropriate steps as rapidly as possible," a spokesperson said.

Neowin said that it recommended Windows Live Hotmail users to change their "password and security question immediately".

Hotmail is currently the largest web-based email service.

View: Original Article

[DKT27]

Thanx for the info. I'm changing my pass. :D

Well 10,000 accounts seems quite less to me. It should be alot of them.

[David]

Thanx for the info. I'm changing my pass. :D

Well 10,000 accounts seems quite less to me. It should be alot of them.

this is horrible....

[DKT27]

Report: Hotmail passwords leaked online

Thousands of Windows Live Hotmail passwords have been leaked online, according to the Neowin.net tech blog.

According to Neowin, it received information from a source claiming that a "hack or phishing scheme" allowed hackers to post passwords from thousands of Hotmail accounts.

Neowin first viewed the passwords on a developer forum on Pastebin.com. The posting was added to the site on October 1. According to Neowin, it saw "part" of the posted list and "can confirm the accounts are genuine and most appear to be based in Europe."

Although it was unsure how many accounts were hacked, the original list displays accounts with names starting with "A" and "B." It included users with @hotmail.com, @msn.com, and @live.com domains, the publication claimed.

Although Microsoft has yet to confirm the existence of the list or a breach of security, the company told BBC News on Monday that it knows about the claim and is working to determine whether it is accurate.

"We're actively investigating the situation and will take appropriate steps as rapidly as possible," the Microsoft representative told BBC News.

Microsoft did not immediately respond to CNET's request for comment.

Whether the passwords were leaked is still in question. That said, Twitter and other social networks are abuzz with people advising others to change their passwords.

Source

[LoKz]

Oh no..... :unsure:

[jalaffa]

Thanks for the info. I'm not changing my passwords though. I've never given them away to any phishing site in the first place :D

[Hottwire]

Lol and thats a reason i don't trust microsoft with my email :P

I use both AOL (stuck with them unfortunatly)

and Google mail =D

[LeetPirate]

yes but where is the site with the 10k passwords listed? I want to check if there is anyone I know on the list. :D

[DKT27]

+1. Give me the site. I wanna see what type of passwords do people use. ^_^

[HATE9X]

just changed pass for all my 3 accs.. :frusty: this = m$ sux. I mostly have accs only for messenger.. 1 for real life ppl, 1 for internetz and one old one.. like rly old.. just noticed it's.. 2003 and i think i had some earlier than that.

[Toshiro]

Thanks for the info. I'm not changing my passwords though. I've never given them away to any phishing site in the first place :D

same thing here..

Thnx for the info tho :lol:

[shought]

Not sure you can blame MS for this... I mean it seems like they have no idea how these passwords were gathered. It's probably just some people being idiotic giving their passwords to phishers and the like.

[jalaffa]

The site where it was posted (pastebin.com) was taken offline to day due to the heavy traffic...

[DKT27]

*This news is for the people who think that they can get away by usin Gmail, Yahoo or AOL - :lol:

--------------------------------------------------------------------------------------------------------------------

Gmail also hit by e-mail phishing scheme

Hotmail users aren't the only ones who've been hit by a phishing scheme over the past week. Google told BBC News on Tuesday that Gmail users have also been affected by the hackers who posted passwords online.

The problem is far more widespread than was disclosed on Monday, possibly affecting Yahoo and AOL e-mail accounts as well, according to BBC News.

Google described the issue as an "industrywide phishing scheme." BBC News said it has seen two lists posted online with "more than 30,000 names and passwords" from Gmail, Yahoo, AOL, Microsoft's Windows Live Hotmail, and other service providers.

"We recently became aware of an industrywide phishing scheme through which hackers gained user credentials for Web-based mail accounts including Gmail accounts," a Google representative told me in an e-mail.

The representative said that Google immediately "forced passwords resets on the affected accounts."

In an e-mail to CNET, a Google representative said that the company had to reset the passwords on fewer than 500 Gmail accounts so far. However, that figure could change.

Despite Google's and Microsoft's awareness of the problem, it doesn't seem that users are out of the woods just yet. Google's representative told CNET that it will continue to force password resets on any newly affected user accounts.

Like Microsoft, Google was quick to point out to the BBC that the phishing scheme was a "scam to get users to give away their personal information to hackers" and not an internal security issue. It didn't say how users fell victim to the scheme.

Google's admission that Gmail users were affected by the phishing scheme comes on the heels of Microsoft acknowledging that over 10,000 Live Hotmail accounts were compromised by the scam. The passwords apparently first hit the Internet on October 1.

Source

[jalaffa]

So the fact that my logins works still does make me even more relaxed. It was posted earlier that Microsoft had closed the accounts affected.

[DKT27]

Thanx for the info Jalaffa. I was not knowin about it.

[HX1]

Ultimately I win.. my main account.. is not with any of these places..LOL.. BUT yeah I have accounts with them all.. no issues.. thus far...

[DKT27]

I was just wonderin, what will happen if someone makes a pass that looks like a hash but is not a hash? :blink:

[Bizarre™]

@DKT27:

Then you got yourself a secure password.

[DKT27]

Nah. I don't have a hash like password. But I like to keep my pass hashed. :secret:

Just jokin. ;)

[HX1]

You know I have found that the most favorable method of creating a password .. is to create a password which includes case alterations, special characters, numbers...something you remember or use all the time..Then I run an AES encryption with Leet Key ( a firefox extension ) by typing the pass on a text document and loading it in my browser then running the encryption...Then I use it as a password..that usually puts a element of randomness to it..or you can keep it stored that way by copying and saving to the document..

Depends on how you want to go about it..

This will almost definitely keep your stuff secured from other people guessing your password... If they are running a program to try to hack the password it may take quite a bit of time...If they want to un-encrypt it they have to have the key..

[DKT27]

Well guess I will try Leet Key. Thanx.

[HX1]

Well just as an example ( I know its against the rules to type in leet text.. or anything.. but this is an example of what I mean.. )

Example: DKt_27

AES Encrypted: btMPLCQBITAhITAhLcKI/mUTUQ==

I used the default key to encrypt, ( 8bytekey ) which can also alter the final result..some may say this is kind of dumbing it up a bit.. but at minimal this really produces a unique password..There are several way to alter the method for storing and changing the key..and you may not even be able to use all of it..

[LeetPirate]

It's not about Microsoft or Google, never was, the problem is and will always be the incompetence of the users.

[karachidude]

Abundant password management software around.

Why Password Management Software?

Stop wasting time trying to remember which password goes with which email account, bank account, online shopping account, online magazine or newspaper subscription and the many web-based services to which you're subscribed. Imagine only remembering one password for all your online needs.

Password programs not only store your passwords and login accounts, many can safely store bank pins, credit card numbers and personal information. They are littered with features to make your online life easier. Password management programs can automatically sign in, generate strong passwords and transfer your password information to portable devices like a flash drive or handheld.

source