Microsoft confirmed yesterday evening that its popular web email service, Hotmail, had been targeted by fraudsters in what is commonly referred to as a phishing scam: users were tricked into entering their credentials at fake websites. Neowin can today reveal that more lists of genuine account details are circulating and that over 20,000 accounts have now been compromised. Non-Hotmail Passport accounts have been affected too: a new list contains addresses at Gmail, Yahoo, Comcast, Earthlink and other popular third-party webmail services. It is not clear whether these entries are the login details for those services themselves or the passwords of Microsoft Passport accounts registered under those addresses.
Microsoft confirmed Neowin's exclusive report yesterday evening and issued a statement on a company blog:
"Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."
It's clear the lists are the result of a phishing scam, and some Neowin commenters suggest the source is the "who has blocked you" sites: pages that ask unwitting users of Microsoft's Windows Live Messenger instant messaging software to hand over their sign-in details in order to see which contacts have blocked them.
Neowin has once again reported the new lists to Microsoft's Security Response Center and can confirm that the lists originated from pastebin.com, a site commonly used by developers to share code snippets. Pastebin owner Paul Dixon confirmed that the site was down for maintenance due to "an unprecedented amount of traffic" after our initial reports. Dixon stated "Pastebin.com is just a fun side project for me, and today it's not fun. It will remain offline all day while I make some further modifications."
Update: The phishing attack has spread to Google Mail and Yahoo Mail, amongst others; we are currently awaiting full confirmation of the number of accounts affected at each service. BBC News is reporting that Google has confirmed the phishing attack.
Or, hell, why not just email them all with a simple "hey, this is Neowin, your email came up on our list of potentially phished accounts, you might want to look into changing your passwords"?
But you should change your passwords anyhow
The internet *is* public..
plus I never give away my password in any database
btw my passwords are 12345678 , asdfghj and the last one qwertyuio
In all seriousness, it is quite worrying the amount of people that are losing passwords over these phishing scams :\
Also, Pastebin is now down with this message posted:
"Down for maintenance - 6th Oct 2009
Pastebin.com is getting an unprecedented amount of traffic due to a news story in which some leaked Hotmail passwords have been pasted on this site
Pastebin.com was intended as a tool to aid software developers, not for distributing this sort of material. Filters have been put in place to prevent reoccurrence, but the current traffic level is unsustainable.
Pastebin.com is just a fun side project for me, and today it's not fun. It will remain offline all day while I make some further modifications
Paul Dixon"
Yeah, it's understandable he shut it down; I would do rather than pay high b/w costs.
This is true, your average idiot will go to the site, see various code snippets and panic.
It is from msn-block.com, NOT by exploiting Microsoft
Here is a comment from the original source which reported this scam (which was written on October 2nd): http://blog.nirsoft.net/2009/08/29/msn-blo...al/#comment-597
I saw that list btw, and I think that Microsoft must find a way to help those hacked people, they MUST find a way
If you think you got hacked too, you can verify by googling your email in the format email:pass, and you will see if you are in the list (this list is really widespread now, almost everywhere).
If I called you on the phone and asked for your hotmail account details, and you gave them to me, would that be hacking? No of course not, and neither is this.
How the hell is that not clear enough? Its even in the damn title!
Really? That just adds the info to Google's DB and puts it in various history lists. Doesn't sound very sensible to me.
It works, I checked it with some of the emails in the list and it detected them, it is not fake.
Yes it is. No matter what you put in, it comes back with the same answer!
Try it: type something random, as long as it has an @live or hotmail or msn,
and it will say the same thing. I tried it with an incomplete email, e.g. whataloadof*******crapthisis@live without the .com, and again the same answer!!
It doesn't work, it's not checking any list at all.
What makes you think that a random non-existent email address will be phished?
Wasiphished.com
Name Servers:
ns1235.hostgator.com
ns1236.hostgator.com
Creation date: 06 Oct 2009 00:31:06
Expiration date: 06 Oct 2010 00:31:06
meh, just don't publish your email on it.
(we can't guarantee our list is 100% accurate.) ...... oh, and thanks for supplying your email to us, it's now been added to spam sites, here are some emails on our behalf.
but oh wait they forgot to add that bit..
Yes, Hostgator hosts the site that I created last night. Great detective work.
Damn, I just changed my pass for no reason.
Just enter your email address and password and we'll check to see if it's on our list, I mean, the list.
You mean http://wasiphished.com/ ?
I've taken the site offline as the traffic was so high I couldn't efficiently perform a cleanup. It will be back up in a few hours hopefully - I have a day job to attend to too!
I've seen account names starting with almost all 26 letters of the English alphabet and *trust me, they are working*, hence more than the reported 10k accounts must have been compromised. It is even possible to take over Facebook, Twitter or other accounts using the details available! It will then wreak havoc. Sigh.
btw http://aspvbr.wooh-im-blocked.com/ seems to be the source. Cannot confirm, but 'tis definitely one of them.
I found pages of leaked emails using Google caches. They have been removed from Pastebin; however, they are alive on the planet. A crafted Google search will reveal tons of offending pages.
Luckily Firefox detects that that site is known for phishing and tells me before I get to it! Firefox wins again!
I, did not fall for any phishing scam, but if my email is on that list, it means it is a hack.
Please Neowin add this site to the article !
This site's a load of cack. No matter if you stick made-up crap in, it gives the same answer.
How is this confirming if a person's email and pass was recorded??
It is not. I tried it with some emails which were in the list and one which was not, and it recognized the ones in the list. Of course they have the database, which everybody now got.
It does work - I tried my email address and it wasn't found, so I then tried something like chris@hotmail.com, an email address which people are likely to type in to see if the blocker checker thing works, and it was on the list.
Funny that, I just went to create a Hotmail address that's not in use,
and the site again says the same thing. How can the email address be on the list if Hotmail says it's available?
DOH... haha, and what reply did you get?
Not likely, but change your password just in case.
(we can't guarantee our list is 100% accurate.) ......... yeah, thought so.
The site merely looks up an email you enter and reports whether or not it was found, using the leaked lists as a source. Pretty simple.
I don't believe you. Visit http://www.withinwindows.com, click About Me, and run to the bottom to find my email address. Email me the demo account you created.
If you haven't given away any of your information, you don't need to worry.
good good
If you're smarter than the 20k-plus idiots who have tried the "are you blocked on MSN" sites, you're fine.
I said if this was a phishing scam, whoever posted it probably pulled this from a database, meaning it was easy to sort out @live, @hotmail @live.uk, @msn and make it appear to be a breach, but in reality even @gmail or @anyisp could be affected and people not aware!
Do you trust putting your details into another site to see if you have been phished? Even if you do have the common sense to change your password before doing so, is your email address just being harvested for spammers?
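The objection in the comment above, and the earlier suggestion to google your own address in the email:pass format, both come down to one design point: a lookup service should never need the full address, let alone the password. The Python below is an added example and is not code from Neowin or from any checker site named in the thread. It parses a constructed email:password dump (fake addresses and passwords, made up for this example), tallies it per mail provider, and then serves a lookup in which the client sends only the first three hex characters of the SHA-1 of its lowercased address and compares the returned bucket locally, so the checker never sees the address itself. The dump contents, function names and prefix length are all assumptions for illustration.

```python
"""Privacy-preserving lookup against a leaked email:password list.

Added example; not Neowin's code and not the code of any checker site.
SAMPLE_DUMP is constructed for illustration and contains no real data.
"""
import hashlib
from collections import Counter, defaultdict

# Hex characters of the address hash the client reveals. Three characters
# give 4096 buckets; a 20,000-entry list then yields about five candidate
# hashes per answer (an assumption chosen for the example, not a standard).
PREFIX_LEN = 3

# Constructed sample in the "email:password" format the thread describes.
# It includes a junk line and a duplicate entry to show they are handled.
SAMPLE_DUMP = """\
alice.example@hotmail.com:12345678
bob.example@live.co.uk:asdfghj
carol.example@gmail.com:qwertyuio
dave.example@sbcglobal.net:password1
erin.example@hotmail.com:letmein
malformed line without a separator
alice.example@hotmail.com:12345678
"""


def parse_dump(text):
    """Return {email: password} from email:password lines.

    Lines without a ':' or an '@' are skipped; addresses are lowercased so
    that duplicates differing only in case collapse; the first ':' is the
    separator, so passwords may themselves contain ':'.
    """
    creds = {}
    for raw in text.splitlines():
        line = raw.strip()
        if ':' not in line or '@' not in line:
            continue
        email, _, password = line.partition(':')
        creds[email.strip().lower()] = password
    return creds


def domain_counts(creds):
    """Tally compromised addresses per mail provider (the part after '@')."""
    return Counter(email.rsplit('@', 1)[1] for email in creds)


def email_hash(email):
    """Normalise the address, then hash it; only this value is ever indexed."""
    return hashlib.sha1(email.strip().lower().encode()).hexdigest()


def build_index(creds):
    """Server side: bucket address hashes by prefix. Passwords are not indexed."""
    index = defaultdict(set)
    for email in creds:
        digest = email_hash(email)
        index[digest[:PREFIX_LEN]].add(digest)
    return index


def query_bucket(index, prefix):
    """Server side: answer a prefix query with the whole bucket, never a yes/no."""
    return sorted(index.get(prefix, ()))


def was_phished(index, email):
    """Client side: send only the hash prefix, finish the comparison locally."""
    digest = email_hash(email)
    return digest in query_bucket(index, digest[:PREFIX_LEN])


if __name__ == '__main__':
    creds = parse_dump(SAMPLE_DUMP)
    print('entries:', len(creds))
    print('per provider:', dict(domain_counts(creds)))
    index = build_index(creds)
    for address in ('Alice.Example@hotmail.com', 'nobody@hotmail.com'):
        print(address, '->', was_phished(index, address))
```

The server learns only that the querier's address hashes into one of a few thousand buckets, and the index it exposes holds address hashes, never passwords. This protects the address from the checker, not from whoever already holds the dump: an unsalted SHA-1 of a short, guessable address is trivially reversed by anyone with a list of candidate addresses, and the server still sees the querier's IP address. Submitting a password to any such site remains a bad idea regardless of how the lookup is built.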
Is it déjà vu?
As far as I can remember, it is not the first time this has happened.
Good thing we're not relying on your poor memory.
I changed my passwords either way, I was long overdue for doing so anyway.
There is NOTHING new about this. 10,000 stolen hotmail and yahoo accounts is nothing new at all, it happens weekly. Neowin has just caused some weird hysteria over something that has always been. Build a bridge and get over it, there is nothing to report here.
http://news.slashdot.org/story/09/10/05/23...-On-November-16
We shall see.
Am I missing something or this is a story from 2006?
History repeats itself.
The Thawte WOT has to do with Public Key Infrastructure (PKI), not related to the discussed WOT.
Thanks for the clarification, I was wondering about that.
Here is an example of how it protects you, for those who don't know how it works:
http://www.youtube.com/watch?v=8hMqTYaZDps
No, it was posted today: Tuesday, October 6th.
I doubt it was any kind of phishing scam as I wouldn't have fallen for it.
From midnight on 7 October 2009, people in my Gmail address book were all sent the following message in batches of 10:
"Subject: Hello!
How are you recently?
I bought a laptop from a website: www.coucoo.com last week. I have
got the product. Its quality is very good and the price is
competitive. They also sell phones, TV, psp, motor and so on. By the
way, they import product from Korea and sell new and original
products. They have good reputation and have many good feedbacks. If
you need these products, look at this website will be a clever choice.
I am sure you will get many surprise and benefits.
Greetings!"
What am I supposed to do about it? I have changed my password but is there some other danger lurking somewhere?
awesum22, I'm watching these scenes and no CC information has leaked out so far!
Because I can register my gmail, yahoo or w/e address I want as a MS Passport account.
Sometimes the site name difference is so small your brain doesn't even see it. At least that's what got me on a fake RapidShare site. I felt like such an idiot. So then after that is when I put in place OpenDNS and WOT. But I still inspect the URL hardcore from now on.
+10 - I see an arrogance on Neowin quite regularly, but the brain can be easily fooled. Because we're human, we're not immune to mistakes. One therefore cannot be immune to computer viruses simply because you are part of a minority of well-above-average computer literate people.
@att.net
@sbcglobal.net
(above both part of Yahoo)
And:
@mac.com
@me.com
Just curious if anybody knows. And I really hope people will be mature and avoid making comments about using .Mac.
@Tanshin: There are 6 @att.net emails, 260 @sbcglobal.net, 15 @mac.com, and 4 @me.com.
I take it I don't really have to worry about it then.