Hotmail Password Attack Spreads to Gmail, Yahoo

This most recent email hacking attack happened over the course of this past weekend and affected over 10,000 Hotmail account email addresses and passwords were published online. The attack also targeted other email services, including Gmail and Yahoo.

"Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site due to a likely phishing scheme," Microsoft said in a statement. "Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."

The phishing scam, which is now apparently not limited to Hotmail, persuaded users via email to divulge confidential information, often account password and user names, sometimes attached to financial information. Alist of more than 20,000 more names and passwords that have reportedly been posted online. The list contains e-mail addresses and passwords from Hotmail, Yahoo, AOL, Gmail and other service providers.

The latest list was reportedly posted to a site named Pastebin. This is the same site to which the Hotmail list was originally uploaded. The site is intended for web developers to share code. Pastebin has since been taken down for maintenance by its owner.

The list detailed more than 10,000 accounts starting with the letters A and B. More lists could be forthcoming, so it is imperative that all email users (whether you have Hotmail, Gmail, Yahoo, AOL or any other service) change their passwords and make sure their anti-virus software is up to date.

An immediate action list should be taken by email users today and this should be something done on a regular basis:

*Change email password
*Confirm that anti-virus program is up to date
*Be cautious when opening email attachments
*Do not visit links given in emails that are questionable

Many phishing scams pose as companies you trust, such as PayPal or eBay. Check to see if the address is completely correct before replying or opening attachments.

Users should be conditioned to changing their password frequently. Some advice every 90 days, but with the high rate of scams and phishing attacks, a more frequent change might just be in order. In light of this most recent attack on Hotmail, this is yet another wake up call for all email users.