Hotmail users urged to change passwords after list published online

6 Oct 2009

Hotmail users across the world have been urged to change their passwords after a list containing more than 10,000 account names and passwords was published over the weekend.

Microsoft researchers are investigating the stolen details. It is understood the list appeared on a website that has been taken down but investigators fear copies of the list are available elsewhere on the web and may fall into the hands of cyber criminals.

It is feared the list is just a portion of a larger body of information that may fall into the hands of cyber criminals. The details were posted on public upload site

It is understood the list contains user names beginning with A and B of email services @hotmail, and

Microsoft’s internet email services, including Hotmail, are used by more than 280 million people worldwide.

Security experts recommend Hotmail, Live and MSN users change their passwords to avoid the threat of their accounts being compromised.

Microsoft has attributed the publication of the list to a likely phishing scheme.

“Over the weekend, Microsoft learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers,” the company’s Live team wrote in a blog post.

“As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.

“Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience. Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software.”

Microsoft recommends that as a matter of course users renew their passwords for Windows Live IDs every 90 days, authenticate only other users you know and keep anti-virus software up to date.

By John Kennedy

Photo: Microsoft’s internet email services are used by more than 280 million people worldwide.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years