Microsoft says a highly successful phishing scheme has seen thousands of passwords to Microsoft Hotmail Live email accounts stolen. In a blog posting, Microsoft said the Hotmail credentials were stolen over the weekend and posted to a third party website. In an update it said it was working to block access to exposed accounts.
Microsoft has set up a process for affected account holders to reclaim their Hotmail account.
Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.
According to a report by Neowin.net, an anonymous user posted details of the phished account credentials Oct. 1 at pastebin.com, a site commonly used by developers to share code snippets. The list contained information on more than 10,000 accounts, according to the report.
An updated Neowin report found other webmail services affected as well including Comcast, Earthlink account holders. New reports suggest GMail and Yahoo! mail accounts have also been compromised.