+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 27
General Chat Thread, Thousands of Hotmail passwords leaked online! in General; This is not a joke! Change your Hotmail Passwords and Security Questions Immediately! Originally Posted by Neowin Neowin has received ...
  1. #1
    Zoom7000's Avatar
    Join Date
    Feb 2006
    Location
    London
    Posts
    958
    Thank Post
    309
    Thanked 86 Times in 57 Posts
    Rep Power
    33

    Thousands of Hotmail passwords leaked online!

    This is not a joke! Change your Hotmail Passwords and Security Questions Immediately!

    Quote Originally Posted by Neowin
    Neowin has received information regarding a possible Windows Live Hotmail "hack" or phishing scheme where password details of thousands of Hotmail accounts have been posted online.

    An anonymous user posted details of the accounts on October 1 at pastebin.com, a site commonly used by developers to share code snippets. The details have since been removed but Neowin has seen part of the list posted and can confirm the accounts are genuine and most appear to be based in Europe. The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists. Currently it appears only accounts used to access Microsoft's Windows Live Hotmail have been posted, this includes @hotmail.com, @msn.com and @live.com accounts.

    Neowin has reported this immediately to Microsoft's Security Response Center and to Microsoft's PR teams in the UK and US and we are currently awaiting feedback on the situation. As this is a breaking story please check back frequently as the story will be updated as soon as more information becomes available.

    If you are a Windows Live Hotmail user Neowin recommends that you change your password and security question immediately.

    Thanks to Chris for the news tip

    Update: According to BBC News, Microsoft is currently "investigating the situation and will take appropriate steps as rapidly as possible."
    More Information:
    Thousands of Hotmail passwords leaked online
    BBC NEWS | Technology | Hotmail accounts 'posted online'
    Hotmail Password Hacking: Microsoft Investigating Claims Details Of Thousands Of Accounts Put Online | Technology | Sky News

  2. #2
    t_h
    t_h is offline
    t_h's Avatar
    Join Date
    Aug 2009
    Location
    Manchester
    Posts
    131
    Thank Post
    7
    Thanked 20 Times in 18 Posts
    Rep Power
    15
    I was under the impression they were phished rather than hacked but I've changed mine as a precaution anyway.

  3. #3
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,205
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Since Hotmail doesn't store passwords as clear text even if they were harvested they wouldn't be much use also if they aren't stored as clear text then they can't be leaked.
    I suspect it will be a list collected with key loggers or duping users to log into fake hotmail sites or "muppets" who logon to their webmail through proxy anonymizers.

  4. #4
    dwhyte85's Avatar
    Join Date
    Mar 2009
    Location
    Berkshire
    Posts
    1,219
    Thank Post
    159
    Thanked 147 Times in 132 Posts
    Rep Power
    103
    Hashes can be cracked... :-)

    Phished through proxy websites is probably the most likely scenario, I doubt MS has any SQLI on that side of things.

    Had to send an e-mail out to staff, I think we've had one teacher who has been a victim.

  5. #5
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,205
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    Hashes can be cracked... :-)
    Well yes of course but if it was non reversible encryption it would take some time to crack several million passwords assuming they're good passwords of course

    It would be nice if hotmail would at least force an annual password change.
    Last edited by cookie_monster; 5th October 2009 at 07:17 PM.

  6. #6
    OllieC's Avatar
    Join Date
    Jun 2009
    Location
    Derby/Birmingham
    Posts
    187
    Thank Post
    17
    Thanked 16 Times in 10 Posts
    Rep Power
    13
    Can't really be bothered to change live mail password.... :/ Will probably do it later when I've thought of a new password to use.

  7. #7
    painejake's Avatar
    Join Date
    Jan 2009
    Location
    Birmingham
    Posts
    100
    Thank Post
    38
    Thanked 8 Times in 8 Posts
    Rep Power
    14
    Quote Originally Posted by dwhyte85 View Post
    Hashes can be cracked... :-)

    Phished through proxy websites is probably the most likely scenario, I doubt MS has any SQLI on that side of things.
    Yeah cracking the passwords just wouldn't be worth the amount of time it would take

  8. #8

    Join Date
    Jul 2009
    Posts
    567
    Thank Post
    46
    Thanked 106 Times in 91 Posts
    Rep Power
    68
    Quote Originally Posted by cookie_monster View Post
    It would be nice if hotmail would at least force an annual password change.
    you do have an option to force you to change your password every 70 days or so. it's on the page where you change your password

  9. #9
    dwhyte85's Avatar
    Join Date
    Mar 2009
    Location
    Berkshire
    Posts
    1,219
    Thank Post
    159
    Thanked 147 Times in 132 Posts
    Rep Power
    103
    @painejake ... If someone had found a leak it would be TOTALLY worth attempting to crack the hash! In terms of a naughty chappy they could pretty much guarantee a load of access to PayPal accounts, FaceBooks, dim people who save passwords in there mailboxes, potentially several million extra people to spam through address books!

    ... besides the fact you'd get one over on Microsoft, it would be all over the IT news websites and for any 'hacker' this would be the ultimate exposure!

  10. #10
    t_h
    t_h is offline
    t_h's Avatar
    Join Date
    Aug 2009
    Location
    Manchester
    Posts
    131
    Thank Post
    7
    Thanked 20 Times in 18 Posts
    Rep Power
    15
    If you had the hashes it wouldn't take much "cracking" - more like comparing it to a table of known hashes. Of course this wouldn't work for good passwords but most are atrocious.

  11. #11
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,205
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    you do have an option to force you to change your password every 70 days or so. it's on the page where you change your password
    Yes but it's not enabled by default.

  12. #12

    CHR1S's Avatar
    Join Date
    Feb 2006
    Location
    Birmingham
    Posts
    4,505
    Thank Post
    1,585
    Thanked 486 Times in 304 Posts
    Rep Power
    217
    I once had my Hotmail hacked, I have no idea how. I had a very random and secure password, never been phished or even used a proxy to access. It was a targetted hack tho as they wanted my old dormant WOW account.

    Weird.

  13. #13

    Join Date
    Apr 2009
    Posts
    123
    Thank Post
    10
    Thanked 5 Times in 5 Posts
    Rep Power
    0
    I've had the same hotmail account for centuries now. I was one of the originals with a common-ish name without any numbers!

    I always ignore emails from MSN/Hotmail/Live anyway. I had a spurt of password change requests. As a rule, I only view mail that I know the sender of. The rest are deleted/junked.

  14. #14
    cookie_monster's Avatar
    Join Date
    May 2007
    Location
    Derbyshire
    Posts
    4,205
    Thank Post
    394
    Thanked 278 Times in 239 Posts
    Rep Power
    74
    As suspected, NOT a hotmail issue.

    BBC NEWS | Technology | Scam hits more e-mail accounts

  15. #15
    IanT's Avatar
    Join Date
    Aug 2008
    Location
    @ the back of my server racks farting.....
    Posts
    1,891
    Thank Post
    2
    Thanked 118 Times in 109 Posts
    Rep Power
    60
    I've just changed my password for my PassPort account............logged into my MSN this morning too find my status name was different!!

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. [Joke] Vista Source Code - Leaked
    By _Bat_ in forum Jokes/Interweb Things
    Replies: 5
    Last Post: 6th October 2009, 04:49 PM
  2. Replies: 4
    Last Post: 25th June 2007, 01:33 PM
  3. Vista Leaked
    By Geoff in forum Windows Vista
    Replies: 21
    Last Post: 13th November 2006, 09:05 PM
  4. OSx86 10.4.4 Leaked
    By Geoff in forum Mac
    Replies: 4
    Last Post: 30th January 2006, 07:35 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •