Author Topic: Thousands of Hotmail Passwords Leaked Online  (Read 1113 times)


Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • Posts: 7950
Thousands of Hotmail Passwords Leaked Online
« on: October 05, 2009, 07:36:50 am »

...Neowin has seen part of the list posted and can confirm the accounts are genuine and most appear to be based in Europe. The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists.
...Currently it appears only accounts used to access Microsoft's Windows Live Hotmail have been posted, this includes @hotmail.com, @msn.com and @live.com accounts.

Complete article:
http://www.neowin.net/news/main/09/10/05/thousands-of-hotmail-passwords-leaked-online



Microsoft MVP - Consumer Security

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: Thousands of Hotmail Passwords Leaked Online
« Reply #1 on: October 05, 2009, 09:05:48 am »
Hmmm...doesn't bode well for web based email does it? Just one more reason why I STILL feel justified using only my on board email client.

You will find varying opinions about this. There are pros and cons for both.

Please understand, there's always a risk with email but using on board client mail and creating a strong password and unique user ID, it seems the risk is at least minimized...that is, more so than it would be online.

The only way a scenario such as this would be compromised, is if one would go about posting his/her own email address willy nilly on various web pages for any purpose (to include registering for anything). Be advised however, there is more to "compromised" than just some hack finding your email address and deciphering your password. Secure email is much more than just that. Nothing is said here about encrypting the content of your message, which is another "security" measure entirely and good for another thread, not this one.

If registration is required on a web site, research the web site to make certain of any question(s) in your mind whether there is a valid reason for registration, and that the web site is truly one where you want to tender your personal information. Afterward, make certain you check the profile created on that web site and that you have the option to remove your email address from public view.

There is however, much more to securing email than to consider whether to use an on board client, which could become vulnerable at some point...or your browser. When you use online email accounts, your browser is essentially, your email client and we all know just how secure (or not) your browser can be (depending on which one you use). Ugh!!! The things to consider seem so many, and still nothing said here about your on board security applications that should take a look at your email...ANTIVIRUS! Again, should be another thread.

Using caution as described above, a user can safely use on line email accounts, but might also be more vulnerable to having a spam filled "in" folder.

One final note, Microsoft chose not to include an on board email client with Windows 7. Having that in mind, the individual user then has the sole responsibility of policing and securing his/her own email application whether on board or online. This article, although somewhat antiquated, still is a good read. Many suggestions there are still good and valid. Bottom line is, users need to learn how to be aware of the variety of secure measures they can take, and situations to avoid.

If you've NEVER had an occasion to have been helped along in this forum in the way of removing some malicious software from your system (or elsewhere), you may never have had the opportunity to have read the excellent suggestions by one of our own colleagues "Tony Klein". His article, So how did I get infected in the first place?, has been plastered all over the web...posted Here Too of course (by permission), but I chose to point to the "Spybot" article as it also has something to say about email.

Tony's recommendations have been the bulwark for countless users' education in the way of security measures they can and should use to their advantage.

Good luck, and safe surfing!
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.


Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • Posts: 7950
Re: Thousands of Hotmail Passwords Leaked Online
« Reply #2 on: October 06, 2009, 06:02:36 am »
The list contains e-mail addresses and passwords from Hotmail, Yahoo, AOL, Gmail and other service providers.
http://news.bbc.co.uk/2/hi/technology/8292299.stm

Edited to add an update:
http://www.sophos.com/blogs/chetw/g/2009/10/06/hotmail-heist-update-release/
« Last Edit: October 07, 2009, 12:24:19 am by Bugbatter »

Microsoft MVP - Consumer Security

Offline Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • Posts: 7950
Re: Thousands of Hotmail Passwords Leaked Online
« Reply #3 on: October 07, 2009, 10:06:38 pm »
Hotmail phish exposes most common passwords
http://www.theregister.co.uk/2009/10/07/hotmail_phish_password/

Microsoft MVP - Consumer Security

Offline faith_michele

  • Anti - Phishing Staff
  • Gold Member
  • Posts: 1947
    • A Beacon of Light
Re: Thousands of Hotmail Passwords Leaked Online
« Reply #4 on: October 08, 2009, 02:52:01 am »
Thanks!   :)

Here is a forum post at PC Pitstop. It even has a picture of one of the phish emails. I posted a reply there warning about further potential phish compromises.

http://forums.pcpitstop.com/index.php?showtopic=173183
Microsoft Consumer Security MVP, July 2007-June 2010

"Fight your fights, find the grace in all the things that you can't change and help somebody, if you can." Van Zant

A Beacon of Light

Offline K27

  • Malware Removal Staff
  • Gold Member
  • Posts: 2342
    • Go Good IT Solutions
Re: Thousands of Hotmail Passwords Leaked Online
« Reply #5 on: October 08, 2009, 05:52:02 am »
Changed my two live account passwords and my Gmail password as soon as this came about and as always with all my passwords they are all totally random and completely different and contain at least two different capital letters, at least two different numbers, and are at least eight characters long.
Always use an AV with mail protection, also never click any link from any E-Mail EVER.

Always sign out of your E-mail, never just close the page down and if you do get a link from somewhere, even if it's somewhere you know like facebook, ebay, paypal, amazon and as Faith's post at PC Pitstop pointed out even from your E-Mail provider then take the time to go to their page via your bookmarks or typing it in direct and finding what the link was pointing at.
If it is genuine then it will be there somewhere.

Just my point of view.
K27

EDIT:
PS: forgot to mention always use a site advisor such as WOT to confirm the sites you are using are really the sites they say they are.
« Last Edit: October 08, 2009, 06:00:10 am by kevin27 »
SpywareHammer - Knowledgebase

The internet is the new age battle of the old age clash between good and evil