Microsoft Official Advice RE: Hotmail passwords leaked
We have been contacted by Microsoft regarding the hotmail passwords list and they have asked us to post the following info to you in case its needed by anyone who has been hacked etc and as a general fyi.
I am glad to see Microsoft trying to get the information out there for people not in the know (like a lot of *staff*) so feel free to pass it on to your staff.
We are aware that some Windows Live Hotmail customers’ credentials were acquired illegally by a phishing scheme and exposed on a website. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation. As part of that investigation, we determined that this is not a breach of any Microsoft servers. Subsequently we are taking measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts.
If users believe their information was documented on the illegal list, users should fill out the following form
to reclaim access to their account. Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience. General information on what to do if you believe you have been victimized via a phishing scam is available on this page
at our support community. Additional Points
Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience. Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software. Microsoft recommends customers use the following protective security measures:
- Renew their passwords for Windows Live IDs every 90 days
- For administrators, make sure you approve and authenticate only users that you know and can verify credentials
- As phishing sites can also pose additional threats, install and keep anti-virus software up to date
You could even mention that MS do free av now at http://www.microsoft.com/security_essentials/ (no MS did not ask me to put this in before asking) and its getting good writeups as far as I have seen and anything is better then AVG free ;)