More than 20,000 email passwords, the majority from Microsoft’s Hotmail, have been hacked and posted online, according to a report. Technology blog neowin.net claimed an anonymous user had posted Windows Live Hotmail account details on pastebin.com pastebin.com, a site used by developers to share code, on 1 October. Neowin originally reported that some 10,000 Hotmail accounts were published, but it now says that more over 20,000 accounts have now been compromised. Non-Hotmail passport accounts have been affected too.
A new list contains email accounts for Gmail, Comcast, Earthlink and other third party popular web mail services. It’s not clear if this is login information for the service itself or the Microsoft Passport passwords. The blog suggested the details were obtained through a phishing scam.
Microsoft confirmed Neowin’s report yesterday evening and issued a statement on a company blog:”Over the weekend Microsoft learned that several thousand Windows Live Hotmail customer’s credentials were exposed on a third-party site due to a likely phishing scheme.
“Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts,” the blog continues.
Neowin administrator Tom Warren wrote: “The details have since been removed but Neowin has seen part of the list and can confirm the accounts are genuine. Most appear to be based in Europe.”
“The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists.
“Currently it appears only accounts used to access Microsoft’s Windows Live Hotmail have been posted, this includes @hotmail.com, @msn.com and @live.com accounts.”
Neowin recommended Hotmail users change their password and security question “immediately”.