Hotmail Leak: Phishers Make off with Thousands of Passwords

Details of a Hotmail security breach emerged early yesterday, and it's suggested that approximately 10,000 accounts could have been compromised.

While the exact number of accounts has not yet been confirmed, the breach was likely the result of a phishing campaign -- a different kind of hack that uses fake web pages in order to acquire all kinds of sensitive information, from login data and passwords (such as in this case) to credit card and social security numbers. (Source: cnet.com)

"We determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts," said a Microsoft representative through email to Computerworld. (Source: computerworld.com)

"Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site due to a likely phishing scheme," the spokesperson admitted.

Big Results for Phishing Campaign

Security insiders who track phishing campaigns like this one are startled by the news, but do not entirely rule out the possibility that such an immense number of passwords could be lost from such a trusted source.

"That's a big result for a phishing campaign," said chairman of the Anti-Phishing Working Group (APWG) Dave Evans. "But it's not outside the realm of possibility." Evans says that he's seen as many as 75,000 accounts compromised by phishers fooling popular Internet Service Providers (ISPs).

Hotmail Users: Change Password

To date, Microsoft has not confirmed that the total number of passwords lost is limited to just 10,000. In fact, it's equally possible that many more accounts could have been breached.

Microsoft is working on the matter, and in the meantime the Redmond-based recommends all Hotmail users should change their passwords immediately.