Hotmail Usernames, Passwords Exposed Online

More than 10,000 Hotmail account-holders got a rude surprise this week when it was discovered somebody had posted e-mail username and password information on the Internet. Microsoft officials say the hackers didn’t steal the info from a database. Rather, they “tricked users of its Hotmail, Windows Live and MSN web-based email accounts in to handing over their login details,” according to the paper.

According to British publication The Daily Telegraph, the list was found on Pastebin.com, a site intended as a forum through which developers share code. (Since news of the breach broke, Pastebin creator Paul Dixon has temporarily disabled the site and implemented security measures designed to ensure that the compromised accounts can’t be reposted, according to ZDNet UK). 

Microsoft has responded with a statement warning consumers to “exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources” and to keep anti-virus measures current.


Unfortunately, Hotmail users weren’t the only ones to have their information exposed. BBC News reports that it has seen a list containing 20,000 names and passwords for Yahoo, Gmail, AOL, Comcast and Earthlink accounts that were also posted to Pastebin.com. Some are “old, unused or fake,” according to the news service. But many are legitimate.

There’s no telling yet whether the exposed information observed by the BBC was obtained by the perpetrators responsible for publishing the Hotmail login data.  Unfortunately, this is just one among a long line of phishing-related incidents. If you think you’ve divulged personal information to a bogus web site or e-mail fraudster, Microsoft recommends the following:

•    Report the incident to the proper authorities
•    Change the passwords on all your online accounts
•    Review your credit reports and your bank and credit card statements
•    Make sure you are using the latest technologies to help protect yourself from future scams