A phishing scam discovered yesterday, when thousands of passwords
and user names for Hotmail accounts were posted online, now appears
to be much bigger than first thought, with users of several other
webmail services now affected.
Private details of webmail accounts from Google, Yahoo, AOL,
Comcast and Earthlink have appeared on the web, pushing the
number of compromised accounts beyond 20,000.
Users of webmail services are being advised to review all of the
passwords they use online following the phishing scam.
Research by security specialists Sophos found that 40 percent
of people use the same password for all their online accounts,
raising concerns that victims of the scam may be vulnerable to
further attacks.
Security experts are urging people to change their webmail and
other passwords and be especially wary of opening attachments.
The growing practice of phishing involves tricking users into
revealing sensitive information to an entity masquerading as a
trusted party, usually via an email which directs users to a fake
website.
All of the stolen information revealed during this latest
incident has been posted to www.pastebin.com, a popular code
sharing website for developers. It is not yet known, however,
whether yesterday's and today's lists are related to the same
scam.
The scope of the attack or attacks is also unclear. Yesterday, only
details of Hotmail accounts with user names beginning in "A" or "B"
were listed, suggesting that this may be just the first portion of
a much bigger list.
There was some suggestion yesterday that Microsoft's internal
data may have been breached; however, the company, which owns
Hotmail, promptly issued a statement confirming that a
third-party website was the source of the attack.