Monday, October 5, 2009

Hotmail Passwords Leaked - Hotmail Users Shrug

Microsoft has confirmed an earlier report from Neowin that thousands of Hotmail passwords have been leaked online. Hotmail users, wondering what they are doing still using Hotmail when there are so many better options available, mutter "FML!"

It appears that several thousand passwords were posted to a forum dedicated to developers on the web site Postbin.com. While Redmond is still investigating, they have asked the site to remove the compromised credentials and are advising customers on how to deal with the breach.

Might I recommend not using Hotmail?

In their Windows Live blog, Microsoft suggests a phishing scheme is responsible for the compromise, and that the exposure took place at a third-party provider. They also helpfully point out that phishing is a widespread problem, effectively implementing the three-stage Microsoft response framework:

  1. Admit that there's a problem once someone makes it public.
  2. Blame someone else for it.
  3. Suggest that everyone has these problems, not just Microsoft.

The compromise includes email addresses with the @hotmail.com, @msn.com and @live.com suffixes, and may number 10,000 or more. Since initial reports indicate the breach involves accounts A through B, I'm curious about how a phishing scheme would target users in alphabetical order. Perhaps Microsoft will provide details at a future time.

If you have an email address ending in any of the suffixes potentially impacted, make sure you check with Microsoft to find out what you should do.

