Microsoft Confirms Hotmail Phishing AttackOctober 5, 2009 – 6:34 PM
Several thousand Hotmail usernames and passwords were exposed on over the weekend via a phishing attack, Microsoft confirmed late on Monday.
Microsoft said it would block access to the accounts that were exposed and work with customers to reclaim access to them.
“Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site due to a likely phishing scheme,” Microsoft said in a statement. “Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.”
In a phishing scheme, users are duped into divulging confidential information, often account password and usernames, sometimes attached to financial information. In the Hotmail case, however, users could have used the email program to communicate with banks and other institutions, storing confidential information in their accounts.
Microsoft recommends that users change their Windows Live passwords (which can access Hotmail) every 90 days, Microsoft said. Users who believe they have fallen prey to a phishing scheme should change their passwords immediately, Microsoft advises.