Home / / Thousands of Hotmail passwords leaked

Thousands of Hotmail passwords leaked

Microsoft confirms phishing scam while reports mount that Gmail and Yahoo! accounts have also been affected

Microsoft has blocked access to the accounts affected by the phishing scam.
Microsoft has blocked access to the accounts affected by the phishing scam.

Microsoft has confirmed that "several thousands" of Hotmail passwords were leaked online as part of a massive phishing attack that shows no signs of abating just yet. An anonymous user posted details of the accounts on October 1st at pastebin.com but Microsoft has since taken down the information. Tech site Neowin, which was the first to post details of the phishing attack, managed to see part of the list and revealed that most of the accounts appear to be based in Europe - this includes @hotmail.com, @msn.com and @live.com accounts.

While initial reports claimed passwords from 10,000 accounts were leaked, it's now believed that the figure could actually be closer to the 30,000 range.

Worryingly, the BBC has now reported that e-mail addresses and passwords from other service providers like Yahoo!, AOL and Gmail are also on the list.

"Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site due to a likely phishing scheme," the company said in a statement. "Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."

While there have been no reports yet on any user from the Middle East being affected, Microsoft has asked anyone who believes their information was put up on the illegal list to fill out a form online to reclaim access.