Windows Live Hotmail Accounts Compromised

06 October 2009

It appears that thousands of Windows Live accounts have been compromised due to what Microsoft seems to think is a phishing scheme. To quote Microsoft's description of the problem:

"Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."

It would appear that Microsoft has regained control of the compromised accounts and is working to help the affected owners of those accounts regain control. As far as my understanding of the situation goes, the credentials to the phished accounts were posted online, but have since been removed per request from Microsoft. As of their latest update, which came at 3PM today, access to all the compromised accounts has been blocked. If you think that your account was among those that were affected, Microsoft provides a link to a form you can fill out; https://support.live.com/eform.aspx?productKey=wlidvalidation&ct=eformcs&scrx=1

In any case, it is advisable to change your password in order to ensure the safety of your account and any information you have on it.

In addition, they also recommend that you change your Windows Live password every 90 days. The SANS Internet Storm Center has more tips to avoid phishing and other data theft as well:

More information about the issue can be found on the BBC web site as well as on the Windows Live support center.

• • •

Stay updated by email
or, grab the feed

Found something wrong? Get in touch.