October 06, 2009

Thousands of Live accounts stolen

Microsoft asks everybody to change passwords after record-breaking phishing attacks.

Several thousand usernames and passwords from Hotmail users have leaked onto the Internet. The leak is said to involve more than 10,000 user accounts, belonging to people with email addresses ending in @hotmail.com, @msn.com and @live.com.
Microsoft confirms this, but denies that hacking was involved. Instead, the account details are said to come from a phishing campaign.

"In other words, you are safe unless you're an idiot."

Other services

Idiots or not, those who are affected by the theft may have problems with more than just email.

The username and password are also used for other Microsoft Live services, such as SkyDrive, the trial version of Office Web Apps and MSN Messenger. SkyDrive allows you to have a "hard drive in the cloud," so highly sensitive data can, in other words, be obtained.

- We have started our standard procedures to help our customers to gain control over their accounts, said a spokeswoman at Microsoft.

Phishing logic

At least 10,000 accounts is a high figure, but by the "laws" of phishing it is not unlikely.

- We've seen leaks of between 50,000 and 75,000 accounts when phishers attack ISPs with millions of users, says Dave Jevans, chairman of the Anti-Phishing Working Group (APWG).

He gives an example: if the phishers target between 10 and 20 million users, only 0.05 percent need to take the bait for the people behind it to get back 100,000 accounts.

And Hotmail has about 400 million users.

Could be 100,000

Neowin.net, which first reported the leak, has only seen usernames that begin with A and B. Those are said to account for the 10,000 usernames and passwords that are now out there. If the people behind it have had further success with the other letters of the alphabet, they have obtained up to 100,000 accounts.

- If it is a fact, we can talk about one of the largest phishing campaigns ever. But it would have taken them several months, said Jevans.

Both Microsoft and Jevans are urging all Hotmail users to change their passwords.
- ASAP, emphasizes Jevans.