CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 6th, 2009

List of 20000 More Email Accounts From Gmail, Hotmail, Yahoo, AOL And Others Posted Online

A second list containing webmail addresses and passwords referring to Hotmail, Yahoo, AOL and Gmail also surfaced online. Some of the addresses on this list were old and fake, but at least some were genuine, the BBC reports. Both lists have been taken offline, so are no longer directly accessible.

Hackers used fake websites to gain the login credentials attached to various webmail accounts. The attack emerged after a list of 30,000 purloined usernames and passwords was posted online. These leaked details reportedly referred to Gmail, Comcast and Earthlink accounts. The phishing scam was originally thought to target just Hotmail users. It was brought to light when 10,000 Hotmail addresses were posted online at Pastebin, a website commonly used by developers to share code.

A spokesperson for Microsoft said phishing was an “industry-wide problem”. “Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software.”

Google has confirmed to BBC News that its e-mail system – Gmail – has been targeted as part of an “industry-wide phishing scheme”. The search giant said that it had taken immediate action to safeguard the affected accounts.

Yahoo also confirmed that an unspecified number of Yahoo webmail accounts were on the leaked list. It couldn’t confirm how many of the profiles were genuine:

We are aware that a limited number of Yahoo! IDs have been made public.

Online scams and phishing attacks are an ongoing and industry-wide issue and Yahoo! takes great effort to protect our users’ security. We urge consumers to take measures to secure their accounts whenever possible, including changing their passwords. We also encourage our customers to review resources that provide guidelines on email safety.

Rik Ferguson, a security researcher at Trend Micro, said that the security firm had begun detecting spam sent through these compromised Hotmail accounts.

As many as two in five people use the same password for every site they use. That means access to a webmail account gives hackers a head start in accessing online banking or PayPal accounts linked to the same address. Underground bazaars and carder forums are full of sales of these more sensitive login credentials. Email addresses have sold alongside purloined credit card numbers and online bank accounts for months if not years on such black market forums.

Credit: BBC News, The Register

Share this item with others:

More on CyberInsecure:
  • List Of 10033 Phished Hotmail Account Passwords Posted Online, Still Available In Google’s Cache
  • Microsoft’s CAPTCHA Under Spammers Attack Again
  • High Success Rate Breaking Hotmail CAPTCHAs
  • AOL Hosted Sites Distribute Malware
  • Hackers Hijack Sarah Palin’s Yahoo Account, E-mails Published Online

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: List of 20000 More Email Accounts From Gmail, Hotmail, Yahoo, AOL And Others Posted Online

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
    Click to hear an audio file of the anti-spam word