Earlier today Neowin.net reported that the passwords for over 10,000 Hotmail accounts have been posted online. According to their source a list detailing over 10,000 accounts was posted on pastebin.com. Pastebin.com is a site that developers use to share snippets of code. The has since been removed but it provided details of over 10,000 accounts started from A through to B. The fact that it ends at B suggests that this may not be the complete list. The list appeared to only contain accounts that can be used to access Microsofts Windows Live Hotmail service.

The story has since been picked up by main stream media. According to the BBC report Microsoft has said that they have "been made aware of the claims that Windows Live IDs and passwords have been made available on the web". There are no details as to where this list has originated from as it were posted anonymously on pastebin.com. Microsoft is currently investigating the situation. We will be watching to see how this story progresses and will update as more details emerge.

This is not the first time that email account details and passwords have been posted online. In May we posted about how approximately 2,100 Irish email account details had been published online. Back then we gave 4 pieces of advice which are relevant here:

• Do not use the same password for multiple sites. I know I use 'levels' of passwords, when I sign up for something trivial but it requires an account I use one particular password which I do reuse, however any sites that hold credit card data or my email accounts all use different strong passwords.
• Only use your work email address for work related sites.
• No matter how much emphasis you place on your personal online security you and your online reputation are still at risk when your details are trusted to others.

The most important piece of advice for users of Hotmail is to CHANGE YOUR PASSWORD.

UPDATE:

06/10/09

BBC News published an article this morning indicating that the scale of this attack maybe larger then previously thought. BBC News have seen a list of more than 20,000 names and passwords that were posted online. The list does not only contain Hotmail credentials but also includes Yahoo, AOL, Gmail and other service providers. This list was also posted on pastebin.com but has since been removed.

Dave

--

If you liked this article then you can:

• Subscribe to our Blog RSS feed
• Become a fan of webpayments.ie on Facebook
• Follow us on Twitter

Related Blog Posts:

• List of Irish email addresses made public.
• Details of the Twitter attack revealed.