http://www.theregister.co.uk/2009/10/05/hotmail_passwords_leaked/ By Dan Goodin in San Francisco The Register 5th October 2009 Updated: Login credentials for more than 10,000 Microsoft Live accounts have been posted to the internet, most likely by miscreants who found them or harvested them in a phishing attack. In all, there were 10,028 pairs of user names and passwords posted to multiple pages of public upload website Pastebin.com, some of which remained live at time of writing. The stash is likely only a small sample of a much larger haul, since the alphabetical list begins with the user name ararat973_at_private and concludes with blando2713_at_private The discovery coincided with unsubstantiated posts that claimed passwords for all Windows Live accounts had been leaked. That seemed highly unlikely. If one assumed there were 5,500 accounts beginning with each letter of the alphabet - a crude estimate based on the sample - that would come to just 143,000 compromised accounts total. That's a tiny fraction of the 450 million or so total Windows Live accounts out there. The leak is most likely the result of miscreants who harvested the passwords using keystroke-logging trojans or phishing scams. A Microsoft spokeswoman confirmed that the company doesn't store passwords in the clear and said its security team has been investigating the leak since this weekend. [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.orgReceived on Tue Oct 06 2009 - 01:34:54 PDT
This archive was generated by hypermail 2.2.0 : Tue Oct 06 2009 - 02:00:48 PDT