***Hotmail & Gmail Passwords Phished***

Lefty

Yank
Hotmail & Gmail users may want to check their account.

Hotmail Passwords Phished, Showcased Online
Oct 06 2009
106721_matter.jpg
shim.gif
shim.gif
shim.gif
shim.gif



If you are one of those rare specimens who actually use a Hotmail account (we'd like to see you, some day) do you remember logging on to a website that looked like Hotmail (same as Windows Live), just over the weekend? If your answer is in the affirmative, you might want to check whether your account has been compromised.

Apparently, a huge phishing attack was underway over the weekend and many Hotmail users were made to enter their personal information and passwords on a Phishing website (something that looked like Hotmail, but was actually not it). The attack seemed to have affected a host of Hotmail users in the EU and Microsoft has, since then, blocked access to all compromised accounts and is in the process of restoring access to its rightful owners.

As always, this time too, the hackers used social engineering tricks to lure their potential victims to click on an authentic looking link, which eventually leads to a very authentic looking website. The result was that within hours several Hotmail passwords and user IDs were up for everyone to see on a website. Microsoft has confirmed that this was just a phishing attack and that there were no breaches into Microsoft's data.

Oh and should you be using Hotmail by any chance, Microsoft wants you to change your password every 90 days just to be on the safer side.



Update


Apparently, the attack seems to be on a much larger scale than expected, and according to BBC, it is not just Hotmail users that have been affected. Many Gmail addresses too have been found in the long list of user accounts that were compromised and their details posted online. There are other e-mail providers too in the list, but Hotmail and Gmail accounts seem to be the major ones affected. The account details were posted on Pastebin.com, a text sharing site. Folks at Neowin were the first to spot the phishing attack and subsequently brought it to the attention of users.



Source http://www.techtree.com/techtree/jsp/article.jsp?print=1&article_id=106721&cat_id=643
 
Top