Davey Winder
Tuesday, 06 October 2009 04:02
Microsoft has confirmed that thousands of users of the world's most popular email service need to change their passwords. Urgently.
Do you use Windows Live Hotmail at all? Are you sitting down? In front
of your computer? Good, you might want to change your password then.
According to reports, Microsoft has admitted that it was "aware that some
Windows Live Hotmail customers’ credentials were acquired illegally and
exposed on a website".
It immediately requested that the credentials be
removed from that site (I am led to believe it was pastebin.com, which
complied with the request) and is currently investigating what happened
and the likely impact upon Hotmail customers. "We are working
diligently to help customers regain control of their accounts," a
spokesperson said.
At the moment the extent of the breach is not known, although the
mystery hacker posted details of some 10,000 accounts ending in
hotmail.com, msn.com and live.com, which appear to be just the tip of
the iceberg, as it were.
How so? Well, the hacker posted the details for accounts starting with
letters A and B, 5000 logins for each. Which means, assuming a similar
number for the remaining letters of the alphabet, a total haul well in
excess of 100,000 potentially compromised accounts.
Of course, there is no evidence as of yet that such a number has been
hacked at all, and some experts are warning that this could be the
result of a very successful phishing expedition instead.
Indeed, some are already claiming Microsoft is working on the phishing
angle and insisting Hotmail had not suffered any "breach of internal
data". Not that Hotmail is watertight: earlier this year it was
reported that the Hotmail CAPTCHA system had been cracked in 20 seconds flat.
While 100,000 accounts from a total of more than 400 million might seem
like a fuss about nothing, percentages don't count for diddly squat if
your account is one of that small number.
The good news for Australians is that most of the compromised accounts
would appear to be in Europe, which is equally bad news for the UK.
Hotmail has something approaching 28% of the webmail market, and in the
UK alone serves some 14 million email users.