It appears that several thousand passwords were posted to a forum dedicated to developers on the web site Postbin.com. While Redmond is still investigating, they have asked the site to remove the compromised credentials and are advising customers on how to deal with the breach.
Might I recommend not using Hotmail?
In their Windows Live blog, Microsoft suggests a phishing scheme is responsible for the compromise, and that the exposure took place at a third-party provider. They also helpfully point out that phishing is a widespread problem, effectively implementing the three-stage Microsoft response framework:
- Admit that there's a problem once someone makes it public.
- Blame someone else for it.
- Suggest that everyone has these problems, not just Microsoft.
If you have an email address ending in any of the suffixes potentially impacted, make sure you check with Microsoft to find out what you should do.
No comments:
Post a Comment
Please tell me what you think.