Microsoft warns of Hotmail privacy breach
Software giant Microsoft has urged hundreds of millions of its Hotmail users to change their passwords after a privacy violation has resulted in users' account details posted on the internet.
In a blog post on the company site, the Windows Live team has recommended users take a number of security measures in securing their email accounts.
"Microsoft recommends customers use the following protective security measures: Renew their passwords for Windows Live IDs every 90 days... for administrators, make sure you approve and authenticate only users that you know and can verify credentials... as phishing sites can also pose additional threads, please install and keep anti-virus software up to date."
Microsoft updated the blog post hours later, saying that as a result of an investigation the company is blocking access to the exposed accounts.
"If you believe your information was documented on the illegal list, please fill out the following form to reclaim access to your account."
The company said in the post it became aware over the weekend that several users' details were posted on a third-party site due to a "likely phishing scheme". The affected emails end with the suffixes @live.com, @msn.com and @hotmail.com.
The details of about 10,000 accounts were posted on pastebin.com, while tech blog neowin.net reported on the posting yesterday. It said the list focused on European accounts, but also said similar lists could also exist elsewhere.
"Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers," Microsoft said.
"Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience. Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software."
"Phishing" refers to an activity where scammers send emails to users that look legitimate, but actually are fakes that are used to obtain details. Similar attacks have affected users of popular social networks including Facebook and Twitter.