AOH :: ISNQ5481.HTM

10,000 Hotmail passwords mysteriously leaked to web




10,000 Hotmail passwords mysteriously leaked to web
10,000 Hotmail passwords mysteriously leaked to web



http://www.theregister.co.uk/2009/10/05/hotmail_passwords_leaked/ 

By Dan Goodin in San Francisco
The Register
5th October 2009

Updated: Login credentials for more than 10,000 Microsoft Live accounts 
have been posted to the internet, most likely by miscreants who found 
them or harvested them in a phishing attack.

In all, there were 10,028 pairs of user names and passwords posted to 
multiple pages of public upload website Pastebin.com, some of which 
remained live at time of writing. The stash is likely only a small 
sample of a much larger haul, since the alphabetical list begins with 
the user name ararat973@hoymail.com and concludes with 
blando2713@hotmail.com. 

The discovery coincided with unsubstantiated posts that claimed 
passwords for all Windows Live accounts had been leaked. That seemed 
highly unlikely. If one assumed there were 5,500 accounts beginning with 
each letter of the alphabet - a crude estimate based on the sample - 
that would come to just 143,000 compromised accounts total. That's a 
tiny fraction of the 450 million or so total Windows Live accounts out 
there.

The leak is most likely the result of miscreants who harvested the 
passwords using keystroke-logging trojans or phishing scams. A Microsoft 
spokeswoman confirmed that the company doesn't store passwords in the 
clear and said its security team has been investigating the leak since 
this weekend.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods