Hotmail users are being urged to change their usernames and passwords after thousands of details were published online.
Thousands of usernames and passwords for Microsoft’s email accounts with addresses ending hotmail.com, msn.com and live.com have been publicly disclosed online.
According to technology website Neowin, over 20,000 accounts have been compromised. All the accounts begin with the letter A or B, sparking fears that there could be further lists.
The data has been collected via a phishing scam in which fake websites are used to trick people into revealing personal details.
Microsoft said in a statement: “We are aware that some Windows Live Hotmail customers’ credentials were acquired illegally by a phishing scheme and exposed on a website. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation.2
“As part of that investigation, we determined that this is not a breach of any Microsoft servers. Subsequently we are taking measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts.”
Microsoft has advised any users that believe their information was documented on the illegal list, to fill out a Windows Live ID Validation form to reclaim access to their account.
Chester Wisniewski, senior security advisor at Sophos, commented: “This is a great time to log into those Facebook, Twitter, Gmail, and Yahoo accounts and do likewise as a simple best practice to prevent yourself from becoming a victim of habit.”
