Microsoft Links Hotmail Leak To Phishing Attack

Microsoft confirmed thousands of Hotmail customers had their usernames and passwords posted recently on a third-party site as a result of a likely phishing attack

Officials at Microsoft confirmed that thousands users of Windows Live Hotmail had their user credentials posted on a third-party site.

According to Microsoft, the username and password information was likely swiped in a phishing scheme, and the company is currently working with customers who were affected. The situation appears to have been first reported by Neowin.net, which reported finding some 10,000 usernames and passwords on pastebin.com. The information was posted by an anonymous user on 1 Oct.. The post has since been taken down.

According to Neowin.net, the list ran from A to B and included @hotmail.com, @msn.com and @live.com accounts. Most of the accounts appear to be based in Europe,the publication added.

In response to reports, a Microsoft spokesman issued this statement:

“Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.”

Microsoft also recommended customers renew their passwords for LIVE-IDs every 90 days and keep their antivirus software up-to-date.

“For administrators, make sure you approve and authenticate only users that you know and can verify credentials,” the spokesman said.