More than 20,000 Hotmail, Gmail, Yahoo passwords exposed
October 6, 2009
Some 20,000 Hotmail account holders' usernames and passwords have now been exposed on the Internet. Earlier today, the number was 10,000 Hotmail logins, all beginning with the letter "a" or "b."
Microsoft has released a statement saying it's not the company's fault. The Hotmail logins were stolen via a phishing attack, says Microsoft. "We determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."
Sophos security analyst Chester Wisniewski has raised the specter that whoever stole the accounts may very well be running through the whole alphabet. He says the big question is, "How many people fell victim to this attack, and is it still underway? I may not be able to answer these questions, but with over 10,000 accounts exposed from the first two letters of the alphabet the scope of this fraud could be very large."
Sophos virus researcher Beth Jones says that these particular logins are extremely valuable "virgin accounts" with a higher chance of not yet being blocked by spam filters.
It would not surprise Jones if the bad guys use the stolen Hotmail accounts to send viral spam to everyone in each account holder's address book, perhaps to help extend the nasty Live Messenger email worm that's spreading around.
"They better their odds of a successful campaign by using these addresses," says Jones.
The BBC is reporting that Google, Yahoo and AOL email account credentials have been similarly stolen, with at least 30,000 account details surfacing on the Internet. If you're worried that cyber criminals might have your username and password for one of your Web mail accounts, change your account password. Now.