Microsoft confirms phishers stole 'several thousand'...

[reghakr]

INFORMATION SYSTEMS BREACHES

Microsoft today confirmed that thousands of Windows Live Hotmail account usernames and passwords had leaked to the Internet, but said the credentials were "likely" stolen in a phishing attack. The company denied that its Web-based e-mail service had been hacked and the account log-in information stolen because of some lapse on its part. …

Microsoft did acknowledge that Hotmail accounts had been compromised. "Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party
due to a likely phishing scheme," [a Microsoft] spokeswoman [said]. … According to Neowin.net, which first reported the Hotmail incident, more than 10,000 accounts had been compromised. However, Neowin said it had seen only a partial list -- accounts with usernames starting with "A" or "B" -- and suspected that the total could be much larger. [Date: 5 October 2009

More.......Microsoft confirms phishers stole 'several thousand' Hotmail passwords

 

[sup3rsprt]

The company denied that its Web-based e-mail service had been hacked and the account log-in information stolen because of some lapse on its part. …

If you think about it, it's not even possible to find the passwords of everyone's account starting from A to B. Because the database would not have passwords in cleartext form. They would be hashes of some sort. In order to find out someone's password from a database, you'd have to crack the hash.

Of course I am assuming that Microsoft stores credentials the correct way...

 

[rush2112]

The company denied that its Web-based e-mail service had been hacked and the account log-in information stolen because of some lapse on its part. …

If you think about it, it's not even possible to find the passwords of everyone's account starting from A to B. Because the database would not have passwords in cleartext form. They would be hashes of some sort. In order to find out someone's password from a database, you'd have to crack the hash.

Of course I am assuming that Microsoft stores credentials the correct way...

I read somewhere that a LOT of the accounts had '123456' as their passwords. Thousands did. Looks like someone needs an education in internet security, eh? :sarc:

 

[stormy13]

I read somewhere that a LOT of the accounts had '123456' as their passwords. Thousands did. Looks like someone needs an education in internet security, eh? :sarc:

That and they need to stop clicking on every link that comes through their email. This,



is one of the ones that was responsible for the phished accounts.

 

[WiFi Ed]

A question: Are only @hotmail.com accounts at risk, or does this include @live.com also?

Assuming there was a hacking of Microsoft, of course. If it is just the result of successful phishing ploys, I'm sure I'm safe...probably

 

[Jacee]

If you're in doubt, change your password using another computer, not connected to your network.