CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 5th, 2009

List Of 10033 Phished Hotmail Account Passwords Posted Online, Still Available In Google’s Cache

Neowin.net has reported regarding a possible Windows Live Hotmail “hack” or phishing scheme where password details of thousands of Hotmail accounts have been posted online.

An anonymous user posted details of the accounts on October 1 at pastebin.com, a site commonly used by developers to share code snippets. The details have since been removed but according to Neowin, the accounts are genuine and most appear to be based in Europe. The list details over 10,033 accounts starting from A through to B, suggesting this is only a part of a bigger list. Currently it appears only accounts used to access Microsoft’s Windows Live Hotmail have been posted, this includes @hotmail.com, @msn.com and @live.com accounts. Some accounts are from @hotmail.fr, @live.it, few from @yahoo.es.
Neowin has reported this immediately to Microsoft’s Security Response Center and to Microsoft’s PR teams in the UK and US and we are currently awaiting feedback on the situation. As this is a breaking story, updates by Neowin can be found here.

If you are a Windows Live Hotmail user Neowin recommends that you change your password and security question immediately.

According to Neowin, Microsoft has fully confirmed their initial reports. According to a Microsoft spokesperson “over the weekend Microsoft learned that several thousand Windows Live Hotmail customer’s credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.”

Unfortunately, according to our check, the list can still be found in Google’s cache, here is the screenshot:

Google has already been contacted by CyberInsecure in order to remove the cached page from search results.

UPDATE: Google removed cached page after about 3 hours.

Share this item with others:

More on CyberInsecure:
  • List of 20000 More Email Accounts From Gmail, Hotmail, Yahoo, AOL And Others Posted Online
  • 5534 Stolen Ebay Logins And Passwords Accidentally Found Online By Security Firm
  • Ultimate Bet Players Accounts Compromised, 3.5 Million Records Freely Available Online For Weeks Still In Google Cache
  • UK Justice Minister’s Email Account Used For 419 Scam
  • Microsoft’s CAPTCHA Under Spammers Attack Again

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: List Of 10033 Phished Hotmail Account Passwords Posted Online, Still Available In Google’s Cache

    One Response to “List Of 10033 Phished Hotmail Account Passwords Posted Online, Still Available In Google’s Cache”

    1. can you upload the emails so i can see because my friend said my email address was there do u know where i can see more pictures?


    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
    Click to hear an audio file of the anti-spam word