+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 27 of 27
General Chat Thread, Thousands of Hotmail passwords leaked online! in General; ...
  1. #16

    ZeroHour's Avatar
    Join Date
    Dec 2005
    Location
    Edinburgh, Scotland
    Posts
    5,709
    Thank Post
    906
    Thanked 1,324 Times in 805 Posts
    Blog Entries
    1
    Rep Power
    446
    We have been contacted by Microsoft (well someone from a MS Press office) regarding this and they have asked us to post the following info to you in case its needed by anyone.
    We are aware that some Windows Live Hotmail customers’ credentials were acquired illegally by a phishing scheme and exposed on a website. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation. As part of that investigation, we determined that this is not a breach of any Microsoft servers. Subsequently we are taking measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts.

    If users believe their information was documented on the illegal list, users should fill out the following form to reclaim access to their account. Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience. General information on what to do if you believe you have been victimized via a phishing scam is available on this page at our support community.

    Additional Points
    Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience. Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software.

    Microsoft recommends customers use the following protective security measures:
    • Renew their passwords for Windows Live IDs every 90 days
    • For administrators, make sure you approve and authenticate only users that you know and can verify credentials
    • As phishing sites can also pose additional threats, install and keep anti-virus software up to date
    I am glad to see Microsoft trying to get the information out there for people not in the know (like a lot of *staff*) so feel free to pass it on to your staff. You could even mention that MS do free av now at http://www.microsoft.com/security_essentials/ (no MS did not ask me to put this in before asking) and its getting good writeups as far as I have seen and anything is better then AVG free

  2. #17
    leon999uk's Avatar
    Join Date
    Oct 2009
    Posts
    66
    Thank Post
    7
    Thanked 6 Times in 6 Posts
    Rep Power
    10
    Scam hits more e-mail accounts

    More than 20,000 e-mail addresses have been seen by the BBC.
    The scale of a phishing attack originally thought to be directed at Hotmail may be larger than previously thought.
    BBC News has seen a list of more than 20,000 more names and passwords that have been posted online.
    The list contains e-mail addresses and passwords from Hotmail, Yahoo, AOL, Gmail and other service providers.
    The list was published on the same website as the original list of 10,000 Hotmail login details.
    Some of the accounts appear to be old, unused or fake. However, BBC News has confirmed that many - including Gmail and Hotmail addresses - are genuine.
    Other addresses include Comcast and Earthlink accounts.
    It is not clear whether the list was part of the same phishing attack that collected the Hotmail addresses or a separate scam.
    Phishing involves using fake websites to lure people into revealing details such as bank account details or login names.
    A spokesperson for Microsoft said phishing was an "industry-wide problem".

    Link to full article: BBC NEWS | Technology | Scam hits more e-mail accounts

  3. #18
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,202
    Thank Post
    393
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Typical

    The most common single password in the sample of 10,000 purloined Live ID login credentials posted as a text file to developer site PasteBin.com was "123456", something only marginally more secure than the traditional favourite "password".
    Hotmail phish exposes most common passwords ? The Register

  4. #19
    dezt's Avatar
    Join Date
    Dec 2005
    Location
    Lancs
    Posts
    1,026
    Thank Post
    157
    Thanked 58 Times in 46 Posts
    Rep Power
    29
    Quote Originally Posted by ZeroHour View Post
    We have been contacted by Microsoft (well someone from a MS Press office) regarding this and they have asked us to post the following info to you in case its needed by anyone.

    If users believe their information was documented on the illegal list, users should fill out the following form to reclaim access to their account. Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience. General information on what to do if you believe you have been victimized via a phishing scam is available on this page at our support community.

    This paragraph directs you to a form that starts asking for all sorts of personal information, including your credit card number, expiry date and secret answers to your live accounts. Surely this is not the information Microsoft should be asking for, especially when we are always told to never give out your credit card details when someone asks for them. Am I right in ignoring the form or am I being a bit too over protective of my personal financial information?

  5. #20
    oalcock's Avatar
    Join Date
    Jul 2009
    Location
    Lancashire
    Posts
    379
    Thank Post
    41
    Thanked 6 Times in 6 Posts
    Rep Power
    11
    I agree dezt

  6. #21
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,202
    Thank Post
    393
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    They aren't mandatory fields and I imagine you only fill them in if you use paid for Live services.

    Mandatory fields are marked (required fields * )

  7. #22
    oalcock's Avatar
    Join Date
    Jul 2009
    Location
    Lancashire
    Posts
    379
    Thank Post
    41
    Thanked 6 Times in 6 Posts
    Rep Power
    11
    I recon this could be a scam, but the domain is the same as hotmail's usual domain. I doubt there would be any reason what so ever why Hotmail would need your card details.

  8. #23

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,694
    Thank Post
    516
    Thanked 2,455 Times in 1,899 Posts
    Blog Entries
    24
    Rep Power
    833
    Quote Originally Posted by oalcock View Post
    I recon this could be a scam, but the domain is the same as hotmail's usual domain. I doubt there would be any reason what so ever why Hotmail would need your card details.
    Did you actually read the message, and the form? ie. the part where the form is for reclaiming accounts you've been locked out of. The subheading saying 'for users with paid services' etc...?

    It is on an official live.com site, ie. they'd have had to hack the MS website to be able to do that.

  9. Thanks to localzuk from:

    cookie_monster (7th October 2009)

  10. #24
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,202
    Thank Post
    393
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    As stated above.

    They aren't mandatory fields and I imagine you only fill them in if you use paid for Live services.

    Mandatory fields are marked (required fields * )

  11. #25

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,503
    Thank Post
    1,585
    Thanked 485 Times in 303 Posts
    Rep Power
    217
    Quote Originally Posted by oalcock View Post
    I recon this could be a scam, but the domain is the same as hotmail's usual domain. I doubt there would be any reason what so ever why Hotmail would need your card details.
    Its not a scam, I had to provide that info and more to recover my account before. If its more comfortable you can also ring MS and provide the info over the phone.

  12. #26
    oalcock's Avatar
    Join Date
    Jul 2009
    Location
    Lancashire
    Posts
    379
    Thank Post
    41
    Thanked 6 Times in 6 Posts
    Rep Power
    11
    The interface doesn't seem very secure to be asking for credit card details!

  13. #27
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,202
    Thank Post
    393
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    The interface doesn't seem very secure to be asking for credit card details!
    It's https
    Last edited by cookie_monster; 7th October 2009 at 02:52 PM.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. [Joke] Vista Source Code - Leaked
    By _Bat_ in forum Jokes/Interweb Things
    Replies: 5
    Last Post: 6th October 2009, 04:49 PM
  2. Replies: 4
    Last Post: 25th June 2007, 01:33 PM
  3. Vista Leaked
    By Geoff in forum Windows Vista
    Replies: 21
    Last Post: 13th November 2006, 09:05 PM
  4. OSx86 10.4.4 Leaked
    By Geoff in forum Mac
    Replies: 4
    Last Post: 30th January 2006, 07:35 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •