Microsoft confirms phishers stole 'several thousand'...
-
Microsoft confirms phishers stole 'several thousand'...
INFORMATION SYSTEMS BREACHES
Microsoft today confirmed that thousands of Windows Live Hotmail account usernames and passwords had leaked to the Internet, but said the credentials were "likely" stolen in a phishing attack. The company denied that its Web-based e-mail service had been hacked and the account log-in information stolen because of some lapse on its part. …
Microsoft did acknowledge that Hotmail accounts had been compromised. "Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party
due to a likely phishing scheme," [a Microsoft] spokeswoman [said]. … According to Neowin.net, which first reported the Hotmail incident, more than 10,000 accounts had been compromised. However, Neowin said it had seen only a partial list -- accounts with usernames starting with "A" or "B" -- and suspected that the total could be much larger. [Date: 5 October 2009
More.......Microsoft confirms phishers stole 'several thousand' Hotmail passwords
-
-
The company denied that its Web-based e-mail service had been hacked and the account log-in information stolen because of some lapse on its part. …
If you think about it, it's not even possible to find the passwords of everyone's account starting from A to B. Because the database would not have passwords in cleartext form. They would be hashes of some sort. In order to find out someone's password from a database, you'd have to crack the hash.
Of course I am assuming that Microsoft stores credentials the correct way...
-
The company denied that its Web-based e-mail service had been hacked and the account log-in information stolen because of some lapse on its part. …
If you think about it, it's not even possible to find the passwords of everyone's account starting from A to B. Because the database would not have passwords in cleartext form. They would be hashes of some sort. In order to find out someone's password from a database, you'd have to crack the hash.
Of course I am assuming that Microsoft stores credentials the correct way...
I read somewhere that a LOT of the accounts had '123456' as their passwords. Thousands did. Looks like someone needs an education in internet security, eh?
-
-
I read somewhere that a LOT of the accounts had '123456' as their passwords. Thousands did. Looks like someone needs an education in internet security, eh?
That and they need to stop clicking on every link that comes through their email. This,
is one of the ones that was responsible for the phished accounts.
-
A question: Are only @hotmail.com accounts at risk, or does this include @live.com also?
Assuming there was a hacking of Microsoft, of course. If it is just the result of successful phishing ploys, I'm sure I'm safe...probably
Last edited by WiFi Ed; 16 Oct 2009 at 20:51.
Reason: dyslexia...
-
If you're in doubt, change your password using another computer, not connected to your network. :)
-