A major phishing operation is being blamed for the reported theft of thousands of log-in credentials on Microsoft's Hotmail service.
After investigating the reports, Microsoft said that it had traced the thefts back to a phishing page that gathered user data, and stressed that no internal systems had been compromised.
Microsoft news site Neowin.net reported early on Monday that user names and passwords for more than 10,000 accounts had been posted on code-sharing service Pastebin. The site reported that the majority of the compromised accounts were believed to be from Europe.
Microsoft is advising users whose credentials may have been compromised to immediately change their passwords. Users are also encouraged to change their password recovery questions and update their alternative email addresses.
Both Microsoft and third-party security groups have long suggested that users make efforts to avoid phishing attacks by carefully checking the URL and content of pages which ask for log-in information, and to avoid providing any information to untrusted parties or suspicious pages.
Although some reports have indicated that phishing activity has fallen slightly in recent months, experts predict that activity will climb as Christmas draws near.
See also:
Experts ponder the internet's fate at the London Future of Web Apps event 02 Oct 2009
Scammers and phishers getting into social networking in a big way 02 Oct 2009
All Hacking Tags: Hotmail, Phishing, Threats, Cybercrime, Microsoft, Crime, Web, Threats, Ecommerce, Security
del.icio.us
Digg this
reddit!
