Thousands of Hotmail passwords leaked online

Thousands of Hotmail passwords leaked online - Printable Version

-Shoutbox (https://shoutbox.menthix.net)
+-- Forum: MsgHelp Archive (/forumdisplay.php?fid=58)
+--- Forum: Skype & Technology (/forumdisplay.php?fid=9)
+---- Forum: Skype & Live Messenger (/forumdisplay.php?fid=10)
+----- Thread: Thousands of Hotmail passwords leaked online (/showthread.php?tid=92477)

Thousands of Hotmail passwords leaked online by user35870 on 10-05-2009 at 05:15 PM

Neowin.net is reporting that thousands of hotmail passwords have been posted on the internet (pastebin.com to be exact) and they can confirm that the accounts are indeed genuine.

BBC News reports that Microsoft are aware of the situation. Microsoft is currently "investigating the situation and will take appropriate steps as rapidly as possible."

Neowin.net - Thousands of Hotmail passwords leaked online.

BBC News - Hotmail accounts 'posted online'

You are recommended to change your account password ASAP.

RE: Thousands of Hotmail passwords leaked online by blessedguy on 10-05-2009 at 05:35 PM

Just posted about it on my blog.
Still, how could it have leaked? =/

RE: Thousands of Hotmail passwords leaked online by user35870 on 10-05-2009 at 06:21 PM

I think it may be due to a very convincing phishing website, not a actual result of the passwords being "leaked" from Microsoft's servers. As i'm sure Microsoft would store all users passwords in hashs (i.e. md5) in there databases.

RE: Thousands of Hotmail passwords leaked online by WDZ on 10-05-2009 at 08:03 PM

quote:
Originally posted by http://www.eweek.com/c/a/Security/Microsoft-Blame...ing-Attack-546897/
Microsoft confirmed thousands of Hotmail customers had their usernames and passwords posted recently on a third-party site as a result of a likely phishing attack. An investigation by Microsoft has determined that there was no breach of internal data on the company's part.

RE: Thousands of Hotmail passwords leaked online by tony on 10-05-2009 at 08:11 PM

cba changing my password

RE: RE: Thousands of Hotmail passwords leaked online by TheSteve on 10-06-2009 at 01:27 PM

quote:
Originally posted by Chris.
I think it may be due to a very convincing phishing website, not a actual result of the passwords being "leaked" from Microsoft's servers. As i'm sure Microsoft would store all users passwords in hashs (i.e. md5) in there databases.

I don't know about now, however I know that in the past, passport user ids were stored in either plain text, or some sort of reversible encrypted format. One of the support tools given to trusted support engineers had the ability to see the password on a given account.

RE: RE: Thousands of Hotmail passwords leaked online by andrewdodd13 on 10-06-2009 at 02:13 PM

quote:
Originally posted by WDZ

quote:
Originally posted by http://www.eweek.com/c/a/Security/Microsoft-Blame...ing-Attack-546897/
Microsoft confirmed thousands of Hotmail customers had their usernames and passwords posted recently on a third-party site as a result of a likely phishing attack. An investigation by Microsoft has determined that there was no breach of internal data on the company's part.

Tbh this happens all the time. If you browse 4chan's /b/ on a regular basis you will know what I'm on about. It just seems the media has jumped on this one.

RE: Thousands of Hotmail passwords leaked online by Menthix on 10-07-2009 at 12:01 AM

Searching pastebin (pastebin.ca has search) will give you plenty more stolen passwords, not that big of a list though. That's just a few that happened to be posted in public, the giant majority is exchanged in private underground communities.

Password stealing is a business and going on all the time, all those keyloggers, password stealers and phishing sites are not just kiddies being bored (well, a portion is), but criminals using your account to get access to whatever they can get money from.

http://www.mcafee.com/us/local_content/reports/66...ealers_0709_en.pdf was a pretty interesting read.

RE: Thousands of Hotmail passwords leaked online by Zui on 10-09-2009 at 02:50 PM

Well this is just great, I know WL try hard to keep peoples accounts safe but it seems they don't either mine has been comprimised or there is a general fault. I do not know, I just want to know if there will be a retrieval of these accounts it is, after all, quite annoying considering the contents of some of my accounts lost.
If anyone has any idea on if this is even plausable please reply.

RE: Thousands of Hotmail passwords leaked online by Spunky on 10-09-2009 at 03:48 PM

quote:
Originally posted by Zui
Well this is just great, I know WL try hard to keep peoples accounts safe but it seems they don't either mine has been comprimised or there is a general fault. I do not know, I just want to know if there will be a retrieval of these accounts it is, after all, quite annoying considering the contents of some of my accounts lost.
If anyone has any idea on if this is even plausable please reply.

It's not Windows Live's fault. If you account has been taken, you have entered your password into a phishing website.

RE: Thousands of Hotmail passwords leaked online by Zui on 10-09-2009 at 04:52 PM

Well I haven't been on any dodgy sites, so could this just be an error?

RE: Thousands of Hotmail passwords leaked online by Menthix on 10-09-2009 at 05:39 PM

quote:
Originally posted by Zui
Well I haven't been on any dodgy sites, so could this just be an error?

Phishing site (any site which claims to be a web messenger / block checker / etc. where you need to login). Email scam pretending to be a legit site. Some password stealer/keylogger/virus bundled whit what seems to be a legit site.

Visit a dodgy site isn't required to be exploited, it can happen to even the most security cautious people.

The only thing you could try to get your account back is visit http://hotmail.com and follow the "forgot your password?" instructions which are linked to at the login page. Or contact support: browse around on https://help.live.com//help.aspx?project=liveidv1 and you'll find a "More Help" link from where can request support.

RE: Thousands of Hotmail passwords leaked online by Zui on 10-09-2009 at 05:47 PM

I haven't been on any of those sorts of sites, nothing out of the ordinary. And when I go to change my pass it says it's been entered too many times -.0

RE: Thousands of Hotmail passwords leaked online by shenshang on 10-09-2009 at 07:58 PM

its not phishing. its microsofts fault for such a poor encryption that when the information was being transfered to a new server, the information leaked. only accounts beginning from a and b are affected.

RE: Thousands of Hotmail passwords leaked online by CookieRevised on 10-09-2009 at 08:23 PM

quote:
Originally posted by Zui
I haven't been on any of those sorts of sites, nothing out of the ordinary. And when I go to change my pass it says it's been entered too many times -.0

Read and follow the instructions here:
http://windowslivehelp.com/solutions/accounts/arc...s-been-stolen.aspx

quote:
Originally posted by shenshang
its not phishing. its microsofts fault for such a poor encryption that when the information was being transfered to a new server, the information leaked. only accounts beginning from a and b are affected.

First of all, it was because of phising!

More precisly it was an email scam where phising emails were send to people with the request to reply with their login and password (because "otherwise their account would be deleted" or other but similar kind of rubbish).

It had absolutely nothing todo with data being transfered from one server to the other, nor with any encryption. It was simply because all those people actually answered those phising emails with their password and login.

Nor Microsoft, nor Google (also Gmail accounts were targeted and effected by this scam) had anything todo with this.

-

Second, there were far more accounts affected than just the ones starting with a or b (or whatever), but only those starting with a or b (or whatever) were published on pastebin.

RE: Thousands of Hotmail passwords leaked online by Zui on 10-09-2009 at 10:20 PM

I haven't replied to any of them things I am far too weary of that sort of stuff so I leave them be.
A few of my friends and colleagues have been faced with the same issue, again they haven't done anything out of the ordinary. To be honest I would say it is either something to do with a rootmonkey (that annoying msn freezer bot thing) or the servers are down for various accounts (somehow). The only other way is to guess my password or secret questions along with details and that is far too ridiculous to even go into.
Also when I do try changing my password it says something like "You've tried to sign in too many times with an incorrect e-mail address or password." so I am in favour of it being that stupid freezer as this has happened before..

RE: Thousands of Hotmail passwords leaked online by Menthix on 10-09-2009 at 11:33 PM

quote:
Originally posted by Menthix
Visiting a dodgy site isn't required to be exploited, it can happen to even the most security cautious people.

Really, it can happen to the best of us.

As far as I know the Messenger freezer tools like you describe still allow you to sign in to Hotmail. IF you can't sign in to Hotmail anymore it's likely you were a victim of getting your password stolen too. It doesn't have to be by email phishing like Cookie describes, that only refers to the list of over 10,000 which was in the news recently, but passwords get stolen by the masses all the time.

Follow all of the instructions on the windowslivehelp site Cookie linked to, there are multiple things you can try described there.

/me bookmarks Cookie's link.
Finally a direct link to the eform where you don't have to write a tutorial on how to reach the form.

RE: Thousands of Hotmail passwords leaked online by Zui on 10-10-2009 at 12:26 AM

Yeah I have sent it through the wlive help form. If that fails then I will continue upon through those steps.
The freezers do work and have a similar effect I have had them used on me before.. but I don't know, it could well be that the emails are infiltrated I don't know. Hopefully the wl help team will help me

RE: Thousands of Hotmail passwords leaked online by Zui on 10-10-2009 at 03:44 PM

After following a nice Cookie's advice I now obtain all of my accounts back. All I had to do was change the pass, and did that via the wl help sheet and not the usual forgot your password. I am glad this is sorted, and I thank each and everyone of you for helping. From no on, I think I will hang about msg help.