Home

Microsoft confirms phishing attack on Hotmail

by Jaspreet Virk - October 6, 2009 - comments            Bookmark and Share
Microsoft is currently working to help users regain control of their accounts and had advised affected users to immediately change their passwords and update alternative email addresses

New York, October 6 -- In a massive data theft affecting more than 10,000 accounts, Microsoft said Monday that Hotmail has been phished over the weekend.

After carrying out a required investigation, the company has confirmed that the data theft is a result of phishing attack and there has been no lapse on its part.

A Microsoft spokesperson was quoted by Computerworld as saying, "We determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.”

Microsoft is currently working to help users regain control of their accounts and had advised affected users to immediately change their passwords and update alternative email addresses.

A large scale phishing attack
The theft was first found by a technology website Neowin.net, which noted that account details of more than 10,000 Microsoft Hotmail, Windows Live and MSN users had been posted by an anonymous user on Pastebin.com, a site used by developers to share snippet codes. The list displayed names stating with A and B.

The data seems to have been leaked as result of phishing attack under which fake Web site that resemble the legitimate one have been used to trick people in divulge information like user name and password.

"Non-Hotmail passport accounts have been affected too,” said Neowin's Tom Warren. "A new list contains email accounts for Gmail, Comcast, Earthlink and other third-party popular web mail services. It's not clear if this is login information for the service itself or the Microsoft Passport passwords."

Pastebin.com, run by Paul Dixon who is a British software developer, is offline today and is undergoing modifications to ensure that an activity is not repeated again.

"Pastebin.com is just a fun side project for me, and today it's not fun," he said. "It will remain offline all day while I make some further modifications."

Users worried
Most of the users have taken to blogs and forums, discussing the latest data theft at hot mail.

A user named bobmarleypeople posted his views on cnet news saying “As a person with a username beginning with "B", I'm worried. However, if it's due to phishing sites, then I should be fine (I'm fairly confident that I haven't been on one). Still...**changes password**”

Another user named Ayepecks voiced the same view on neowin.net.com, “Changed my password as my e-mail would be in that list given where it starts and ends in the alphabet, just in case. I severely doubt I was phished and have no clue if I was even on the list... but better safe than sorry.”

“Given the amount of coverage warning people about phishing attacks, it's demoralising to see how many people still fall for it. And the truly worrying thing is that it's usually adults (allegedly intelligent people) who fall for these things. Some people are so stupid it defies belief,” stated a user named Mcdon2401 on slyck.com.

No votes yet
Last edited by Harpreet Bhagrath on Tue, 10/06/2009 - 18:29 | Write to author: Jaspreet Virk | Bookmark and Share