Hotmail accounts compromised?

Cees Binkhorst ceesbink at XS4ALL.NL
Tue Oct 6 00:07:02 CEST 2009


REPLY TO: D66 at nic.surfnet.nl

Alarm, alarm, the Hotmail passwords have been stolen.
Not from MS, but from the individual users.
The passwords that begin with A and B have been published on a website.

How did the phishers know where to go for those A's and B's?
Did they also phish them in order (is that a word? ;)

Regards / Cees

http://gadgetwise.blogs.nytimes.com/2009/10/05/hotmail-passwords-stolen/index.html?hp
October 5, 2009, 4:15 pm
Hotmail Passwords Stolen
By Riva Richmond

Someone posted login details for thousands of Hotmail e-mail accounts
online over the weekend, in what appears to be only part of an enormous
haul of stolen passwords netted in a phishing scheme.

Neowin today reported that on Thursday an anonymous user posted login
details for more than 10,000 Hotmail accounts on pastebin.com, a site
where software developers often share code. The list has been removed, but
Neowin said the list showed accounts starting with the letters A and B,
suggesting it is only a small slice of a much larger list. Addresses used
@hotmail.com, @msn.com and @live.com domains.

Microsoft confirmed the list’s authenticity and said the details were
stolen in a phishing scheme—not in any security breach of the company’s
own systems—and is now scrambling to protect affected users. Phishing is a
large and growing problem on the Internet in which users are tricked into
handing over their login details to unscrupulous actors. These schemes
have become extremely sophisticated and often involve e-mail messages and
Web pages that look like they come from legitimate companies but are
entirely faked.

“Over the weekend Microsoft learned that several thousand Windows Live
Hotmail customers’ credentials were exposed on a third-party site due to a
phishing scheme,” the company said in an e-mailed statement. Spokeswoman
Kate McGillem declined to provide details on the phishing attack the
company believes caused the theft.

“We are working with affected customers to help them regain control of
their accounts, and as part of this process, all affected customers will
eventually have to change their passwords,” she said. “As a protective
security measure, Microsoft recommends that all Hotmail customers change
their Live ID passwords every 90 days.”

I wouldn’t recommend waiting for Microsoft. If you use Hotmail, go change
your password and security question now. Remember that e-mail accounts are
coveted by hackers because they can be used to find or reset passwords for
other online accounts (including financial accounts), and contain lots of
rich detail useful in identity-fraud schemes.

Microsoft also advises its customers “to exercise extreme caution when
opening unsolicited attachments and links from both known and unknown
sources” and to maintain up-to-date antivirus defenses.
