Hotmail account logins stolen; users should change passwords now!
Posted on October 6, 2009
UPDATE 06Oct2009, 3:35 p.m. Pacific. The BBC is reporting that Google, Yahoo and AOL email account credentials have been similarly stolen, with at least 30,000 account details surfacing on the Internet. If you’re worried that cyber criminals might have your username and password for one of your Web mail accounts, change your account password. Now.
If you use a Windows Live Hotmail account, you should change your account password. Now!
Neowin is reporting that some 20,000 Hotmail account holders' names and passwords have now been exposed on the Internet. Earlier today, the number was 10,000 Hotmail logins, all for usernames beginning with the letter a or b.
Microsoft has released this statement saying it’s not their fault:
“We are aware that some Windows Live Hotmail customers’ credentials were acquired illegally by a phishing scheme and exposed on a website. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation. As part of that investigation, we determined that this is not a breach of any Microsoft servers. Subsequently we have taken measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts.”
Sophos security analyst Chester Wisniewski has raised the specter that whoever stole the accounts may very well be running through the whole alphabet.
He says the big question is, “How many people fell victim to this attack, and is it still underway? I may not be able to answer these questions, but with over 10,000 accounts exposed from the first two letters of the alphabet the scope of this fraud could be very large.”
Sophos virus researcher Beth Jones says that these particular logins are extremely valuable “virgin accounts” with a higher chance of not yet being blocked by spam filters.
It would not surprise Jones in the least if the bad guys use the stolen Hotmail accounts to blast out viral spam to everyone in each account holder's address book, perhaps to help extend the nasty Live Messenger email worm that's spreading around.
“They better their odds of a successful campaign by using these addresses,” says Jones.
–By Byron Acohido
Comments
Thanks for the mention Byron. I just posted another blog article adding some additional details. Your readers may appreciate this: http://www.sophos.com/blogs/chetw/g/2009/10/06/hotmail-heist-update-release/
Good day,
Chester Wisniewski
Senior Security Advisor
Sophos Inc.
Comment by Chester Wisniewski - Sophos — 10/7/2009 @ 12:10 am