Up to 20,000+ Windows Live Hotmail account details leaked online
Microsoft has confirmed that the access credentials of "several thousand" European Windows Live Hotmail accounts have been leaked and made accessible on the internet. Whether the Messenger and Xbox LIVE services, which are also part of Windows Live, are affected wasn't mentioned by the vendor. The exposed data includes email addresses and account passwords.
According to Microsoft, the credentials were probably exposed as part of a large scale phishing attack and not by a breach of the vendor's own systems. Microsoft has blocked access to all of the exposed accounts and is offering affected users assistance with reclaiming their accounts. This includes filling in and submitting an online form that requests various verification details.
The Neowin technology website was the first to report on the attack. According to Neowin, users' personal data was released on pastebin.com on the 1st of October. The BBC and Neowin reported that they had viewed a list containing the access data of 10,028 e-mail accounts beginning with A or B. According to the report, the data has now been removed from the net. The original list contained accounts ending in hotmail.com, msn.com and live.com.
A recent update from Neowin states that more than 20,000 accounts were compromised. According to the update, non-Hotmail Passport accounts, Microsoft's single sign on service, are also affected and a new list that contained details for Gmail, Comcast and other third party webmail services has also appeared.
As users tend to use the same password for a variety of services, phishers can potentially access even more accounts and may be able to cause financial or other damage. Affected users should not only reactivate their Hotmail accounts but also reset their passwords for other services they use.