Phishing scammers leak Windows Live Hotmail passwords to web
Tuesday, October 6, 2009
Hackers posted thousands of passwords from Windows Live Hotmail email accounts to a website over the weekend, in what Microsoft said was the result of a phishing campaign targeting the free webmail service.
The website Neowin reported that up to 20,000 Windows Live Hotmail account passwords from email addresses using the domains hotmail.com, msn.com and live.com were published at pastebin.com on October 1 before being removed over the weekend.
"Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site due to a likely phishing scheme," Microsoft said on its Windows Live team blog Monday.
Phishing involves the use of websites created by criminals to resemble legitimate web pages. Phishing scammers direct web users through links in email and instant messages to the phishing sites, where they are asked to log on to the phony site - giving away their passwords to the scammers.
Microsoft said it determined the leak "was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."
The company recently filed several lawsuits against companies behind malware-bearing web advertisements - malvertisements - and has also sued companies involved in phishing of Windows Live user account information.
Microsoft advises that Hotmail users change their passwords every 90 days.
Related News:
FBI: Law firms and PR agencies high on hacker target lists - 11.18.2009
Using complex email scams, cyber criminals are increasingly targeting sensitive information held by law firms and public relations companies, according to an FBI advisory released earlier this month.
Phishing email takes numerous forms - 11.17.2009
The practice of impersonating authoritative websites and sources in order to convince victims to divulge personal information - known as phishing - has come a long way from the Nigerian "419" scams that popularized the technique in the public mind. Modern phishing is becoming increasingly dangerous in part because attacks can come from a variety of sources.
Email filtering technology working overtime, but spam won't go quietly - 11.16.2009
While modern email filtering systems can block 95 to 99 percent of spam messages, according to Tech Target, mountains of unsolicited email are still delivered every day, accounting for the vast majority of all emails sent.
Phishing scam targets investors, spoofs finance agency - 10.9.2009
The Financial Industry Regulatory Agency (FINRA), an independent regulator of brokerages, is warning investors that they may be targeted by a phishing scam through emails claiming to come from the agency.
PayChoice security breach leads to email scam - 10.2.2009
When users of payroll processor PayChoice received emails last week asking them to download a browser plug-in in order to continue accessing the site, many were lured into downloading malware that exploited security flaws in Internet Explorer and some Adobe software.
|
