CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 6th, 2009

List of 20000 More Email Accounts From Gmail, Hotmail, Yahoo, AOL And Others Posted Online

A second list containing webmail addresses and passwords referring to Hotmail, Yahoo, AOL and Gmail also surfaced online. Some of the addresses on this list were old and fake, but at least some were genuine, the BBC reports. Both lists have been taken offline, so are no longer directly accessible.

Hackers used fake websites to gain the login credentials attached to various webmail accounts. The attack emerged after a list of 30,000 purloined usernames and passwords was posted online. These leaked details reportedly referred to Gmail, Comcast and Earthlink accounts. The phishing scam was originally thought to target just Hotmail users. It was brought to light when 10,000 Hotmail addresses were posted online at Pastebin, a website commonly used by developers to share code.

A spokesperson for Microsoft said phishing was an “industry-wide problem”. “Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software.”

Google has confirmed to BBC News that its e-mail system – Gmail – has been targeted as part of an “industry-wide phishing scheme”. The search giant said that it had taken immediate action to safeguard the affected accounts.

Yahoo also confirmed that an unspecified number of Yahoo webmail accounts were on the leaked list. It couldn’t confirm how many of the profiles were genuine:

“We are aware that a limited number of Yahoo! IDs have been made public.

“Online scams and phishing attacks are an ongoing and industry-wide issue and Yahoo! takes great effort to protect our users’ security. We urge consumers to take measures to secure their accounts whenever possible, including changing their passwords. We also encourage our customers to review resources that provide guidelines on email safety.”

Rik Ferguson, a security researcher at Trend Micro, said that the security firm had begun detecting spam sent through these compromised Hotmail accounts.

As many as two in five people use the same password for every site they use. That means access to a webmail account gives hackers a head start in accessing online banking or PayPal accounts linked to the same address. Underground bazaars and carder forums are full of sales of these more sensitive login credentials. Email addresses have been sold alongside purloined credit card numbers and online bank accounts for months, if not years, on such black market forums.

Credit: BBC News, The Register
