Software giant Microsoft has urged hundreds of millions of its Hotmail users to change their passwords after a privacy violation has resulted in users' account details posted on the internet.
In a blog post on the company site, the Windows Live team has recommended users take a number of security measures in securing their email accounts.
"Microsoft recommends customers use the following protective security measures: Renew their passwords for Windows Live IDs every 90 days... for administrators, make sure you approve and authenticate only users that you know and can verify credentials... as phishing sites can also pose additional threads, please install and keep anti-virus software up to date."
Microsoft updated the blog post hours later, saying that as a result of an investigation the company is blocking access to the exposed accounts.
"If you believe your information was documented on the illegal list, please fill out the following form to reclaim access to your account."
The company said in the post it became aware over the weekend that several users' details were posted on a third-party site due to a "likely phishing scheme". The affected emails end with the suffixes @live.com, @msn.com and @hotmail.com.
The details of about 10,000 accounts were posted on pastebin.com, while tech blog neowin.net reported on the posting yesterday. It said the list focused on European accounts, but also said similar lists could also exist elsewhere.
"Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers," Microsoft said.
"Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience. Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software."
"Phishing" refers to an activity where scammers send emails to users that look legitimate, but actually are fakes that are used to obtain details. Similar attacks have affected users of popular social networks including Facebook and Twitter.
Related Items :
The jury, per se, is still out about this being a mass phishing attack. Mary Landesman, a senior security researcher at San Francisco-based ScanSafe thinks there’s another explanation - botnets. I agree with her.
"Landesman based her speculation on an accidental find in August of a cache of usernames and passwords, including those from Windows Live ID, the umbrella log-on service that Microsoft offers users to access Hotmail, Messenger and a slew of other online services." (Source: InfoWorld Article as quoted on my blog)
Thought you and your readers might like to know!
Debbie Mahler