Update to account compromises (2)
07 October 2009
The issues with the exposed email accounts have been far more widespread than previously thought. As the investigation continues, it appears that accounts for Windows Live, Yahoo, Google, AOL, EarthLink, and Comcast have been affected. Details for the affected accounts were posted online but have been taken down by request of the affected sites.
However, it seems that if you have any of those services, you should not start to worry about your privacy. Yahoo, Google, and Microsoft (Windows Live) have confirmed that all of the stolen accounts are real, but that they were compromised as a result of phishing attacks. This means that the account compromises were NOT resulting from internal security problems.
Security experts who are investigating say that the accounts were probably posted online NOT for data theft but instead to make a point to users about phishing attacks, which many people aren’t well aware of. The specific order (alphabetical, it would seem) that the information was posted in seems to indicate that the attackers had been harvesting the information with the intent of posting it online. (1)
It is highly advisable to change any passwords and security questions/answers that you use on any of the affected sites, especially if you click links in emails or use your account to access other online services.