Email scam hits quarter of a million accounts


7 Oct 2009

Although the breach was originally thought to have affected 10,000 Microsoft Hotmail and MSN accounts, the published list of exposed usernames and passwords, which also includes Gmail, Yahoo and AOL accounts, is now thought to extend to more than a quarter of a million accounts.

As reported in the Guardian, the security breach is thought to be the result of a number of phishing attacks tricking people into logging into fake webpages and then scraping their log-in details.

The spate of phishing attacks came to light on Monday, when a list of more than 10,000 Hotmail usernames beginning with A or B, along with the accompanying passwords, was published on the website Pastebin.

The Guardian further notes that the affected users appear to be located in Europe, according to the online journalist Tom Warren from Neowin.net, who first discovered the published list.

“Neowin has seen part of the list posted and can confirm the accounts are genuine and most appear to be based in Europe,” said the site.

“The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists.”

Although the list has since been removed, it was further discovered that Gmail, AOL and Yahoo accounts had also been published online and therefore compromised.

Security expert Brian Honan from BH Consulting noted that as people often use the same password across many systems, both personal and business, organisations should monitor their access logs for any unusual activity and react accordingly.

“It could also be a good time for companies to teach staff about selecting strong passwords,” he added.

By Marie Boran

Photo: In addition to Microsoft Hotmail and MSN accounts, usernames and passwords for Gmail, AOL and Yahoo accounts were also found to have been published online.