David Baxter PhD

Late Founder
Hotmail hacked: Thousands of account details published online
by Zack Whittaker
October 5th, 2009

Update (19:55 GMT): added statement from Microsoft at the end.

Thousands, perhaps tens of thousands of Hotmail accounts have been hacked through phishing sites and published online, according to the BBC.

The news is still breaking but according to Neowin, who first reported the story, Microsoft have enacted a rapid-response protocol to limit the damage.

According to Neowin:

"It appears only accounts used to access Microsoft's Windows Live Hotmail have been posted, this includes @hotmail.com, @msn.com and @live.com accounts."
However, considering the Windows Live ID is a single sign-on solution for all Microsoft and Windows Live services, the implications could be a lot greater than first considered.

While phishing is relatively new in the grand scheme of online malware and threats, it seems the tens of thousands of users have mistaken a genuine login page for a fake one, and are now suffering the consequences.

This poses a question I have considered for some time now. There will no doubt be a number of students who have been a victim in this phishing campaign who have been sending and receiving important emails through the service, instead of their own university dedicated system.

Phishing often relies on the service targeted having a massive user base. In comparison to colleges and universities, Hotmail has a greater number of users worldwide, therefore the benefits reaped would be greater.

As a result, it is not clear whether users of Live@edu were targeted, considering the Windows Live ID sign-in process is identical to that of Hotmail. The potential, however, is very much there.

It is unclear at this time whether this is a "proof of concept" come protest-like attack, as the potential to take advantage of these accounts on a personal scale could be endless. But considering the details were published to the wider web, it seems to me it could be a way of alerting people to the consequences of phishing and/or the security of Hotmail.

With the simplicity of the Windows Live ID sign-in screen, to attempt to create a phishing site from this is surprisingly easy. However with the most recent browsers, a clear green bar or similar will indicate that in fact the sign-in screen is secure.

Nevertheless, it is an interesting story which may well see Microsoft bump up their security to Yahoo! anti-phishing standards.

Microsoft's statement:
"Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site due to a phishing scheme. As always, upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers.

As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."
 

Retired

Member
Anyone here currently using a Hotmail account? Will you continue using it in light of this announcement?

What is the true benefit of a Hotmail account, compared to using the email provided by one's ISP?
 

David Baxter PhD

Late Founder
  • accessibility anywhere
  • a secondary account to use for anonymity (Psychlinks encourages the use of anonymous accounts)
  • a secondary account as an anti-spam strategy
  • accounts for family members where the ISP offers only one or a limited number of email accounts
 
That's crazy!...I'll probably still use my hotmail account but I probably won't keep personal emails in folders anymore...maybe rather on my desktop in a folder or something...just to be safe. :D
 

Banned

Banned
Member
Thankfully I only use my hotmail account as a "garbage" account, so they can publish anything they want...including my free offers for Viagra, my guaranteed employment offer starting at $75/hr, and my notification that I personally have been selected and am amongst a very, very small number of people who may win the Reader's Digest Sweepstakes.
 