Identity Theft News

Hotmail passwords likely hacked, not phished, security researcher says

Tuesday, October 13, 2009

Microsoft said a phishing scam was the likely culprit behind last week's exposure of 30,000 email passwords from Windows Live Hotmail, Gmail and other webmail accounts. But a security researcher says the passwords were likely pilfered using data-stealing malware.

Mary Landesman, a senior security researcher at ScanSafe who has closely analyzed the list of email account passwords published by hackers on a public website last week, said the strength of most of the passwords indicates more sophisticated users than those typically duped by phishing scams.

Landesman wrote on the ScanSafe STAT blog that several characteristics of the list point to data-stealing Trojans, which can record PC users' keystrokes, rather than to phishing scams.

An analysis by Microsoft of passwords phished from MySpace users found that 4 percent to 5 percent of the passwords were tip-offs that users realized they were being phished, with passwords like "fake" and "urhacking," according to Landesman.

But the recent cache of email passwords did not include any of this type, Landesman said.

"Certainly no one but the original thief can say for sure and thus the question of origin of the stolen data will likely never be fully answered," she said in the blog. "But as of now, data theft still seems a very likely cause."

Related News:

Threat of identity theft shows need for online security - 11.19.2009
As Americans live increasingly large portions of their lives on the internet, the possibilities and incentives for remote identity theft increase as well. A report in the New York Times advises caution, and gives tips for constructing an "online bulwark" to prevent theft and fraud.

Wi-Fi network security vulnerable to man-in-the-middle attacks on smart phones - 11.16.2009
Researchers last week revealed a weakness in mobile network security that could allow for so-called "man-in-the-middle" techniques to steal personal information from users of certain types of mobile phones.

FDIC warns banks of money transfer 'mules' duped by cybercriminals - 11.2.2009
In a new warning to banks about illicit electronic fund transfers, the Federal Deposit Insurance Corporation (FDIC) said last week that online bank account theft involving "money mules," unwitting job-seekers who are duped by cyber crooks into wiring funds from hacked bank accounts, is rising.

Obama addresses cybersecurity awareness in YouTube video - 10.21.2009
Online cyber attacks and identity theft have never been higher, a threat environment that challenges U.S. security every day. President Obama has designated October as National Cybersecurity Awareness Month, which he addressed in a web video last week.

Facebook application security hole exposes millions to hacking, researcher says - 10.19.2009
A security researcher is warning Facebook users about potential vulnerabilities in Facebook applications that could allow cross-site scripting (XSS) hacker attacks for hijacking user accounts.
