Update (GMT 8:47 AM, 7th Oct 09): This post has been updated with Microsoft’s official statement and guidelines about how to get your Hotmail account reinstated if your account has been compromised and hacked. Scroll down to the bottom of this post to view the guidelines.
Are you a Hotmail user and remember logging on to a website that looked like Hotmail (same as Windows Live), just over the weekend? If your answer is in the affirmative, you might want to check whether you are still the owner of your Hotmail account! Thousands, perhaps tens of thousands of Hotmail accounts have been compromised and hacked through phishing sites and published online, according to the BBC.
Microsoft has confirmed that thousands of users of the world’s most popular email service need to change their passwords urgently. “We are working diligently to help customers regain control of their accounts,” a spokesperson from Microsoft said. Here is an excerpt of Microsoft’s statement:
“Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site due to a phishing scheme. As always, upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers.
As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.”
Apparently, a huge phishing attack was underway over the weekend, and many Hotmail users were tricked into entering their personal information and passwords on a phishing website (something that looked like Hotmail, but was actually not). At the moment the extent of the breach is not known, although the mystery hacker posted details of some 10,000 accounts ending in hotmail.com, msn.com and live.com, which appear to be just the tip of the iceberg, as it were. Okay, we agree that 100,000s of accounts out of a total of more than 400 million might seem like a fuss about nothing. But hey, would you still go by the percentages if YOUR account is one of that small number?
As always, the hackers used social engineering tricks to lure their potential victims into clicking an authentic-looking link, which led to a very authentic-looking website. The result was that within hours several Hotmail passwords and user IDs were up for everyone to see on a website. Scary, isn’t it? Now you know why Microsoft wants you to change your password every 90 days and watch out for fishy login invites, just to be on the safer side.
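The trick described above works because the link and the page look right while the hostname is wrong. As an added illustration (not code from the original post or from Microsoft), here is a small Python checker that classifies a sign-in link by where it really points. The allow-list of legitimate login domains, the crude digit-for-letter normalisation and the sample links are all constructed assumptions for this example; the samples use reserved example domains rather than any real site, and the two-label "registrable domain" heuristic is a simplification of what a Public Suffix List lookup would do.

```python
"""Added example (not from the original post): classify a sign-in link as
pointing at a legitimate Windows Live / Hotmail host, a look-alike, or
something unrelated. All domains and sample links below are constructed."""
from urllib.parse import urlsplit

# Constructed allow-list: registrable domains the post names as the genuine
# services. A real deployment would maintain this from its own policy.
LEGIT_LOGIN_DOMAINS = {"live.com", "hotmail.com", "msn.com"}

# Brand strings that look-alike hosts reuse to appear familiar.
BRAND_TOKENS = ("hotmail", "windowslive", "live", "msn")

# Crude, illustrative homoglyph map: 'hotmai1.com' -> 'hotmail.com'.
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o"})


def registrable_domain(hostname):
    """Last two labels of a hostname ('login.live.com' -> 'live.com').
    Assumption: good enough for .com/.net names; names such as
    'example.co.uk' would need the Public Suffix List."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else hostname.lower()


def classify_login_link(url):
    """Return {'host', 'domain', 'verdict', 'reasons'} for a sign-in URL.

    verdict is one of:
      'legitimate' - allow-listed domain, https, no user-info trick
      'suspicious' - allow-listed domain but an odd shape (http, user-info)
      'lookalike'  - not allow-listed, yet built to resemble the brand
      'other'      - unrelated host
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()      # real host, port/user-info removed
    netloc = parts.netloc.lower()               # may still contain 'user@'
    reasons = []
    if not host:
        return {"host": "", "domain": "", "verdict": "other", "reasons": ["no hostname"]}

    if "@" in netloc:
        reasons.append("user-info before '@' hides the real host")
    if parts.scheme != "https":
        reasons.append("not served over https")

    domain = registrable_domain(host)
    normalized = registrable_domain(host.translate(HOMOGLYPHS))

    if domain in LEGIT_LOGIN_DOMAINS:
        verdict = "legitimate" if not reasons else "suspicious"
    elif normalized in LEGIT_LOGIN_DOMAINS:
        reasons.append(f"'{domain}' resembles '{normalized}' after digit-for-letter substitution")
        verdict = "lookalike"
    elif any(tok in netloc.replace("-", "") for tok in BRAND_TOKENS):
        reasons.append(f"brand name in a link whose real host is '{host}'")
        verdict = "lookalike"
    elif "@" in netloc:
        verdict = "lookalike"
    else:
        verdict = "other"
    return {"host": host, "domain": domain, "verdict": verdict, "reasons": reasons}


# Constructed sample links (reserved example domains, not real sites).
SAMPLE_LINKS = [
    "https://login.live.com/",
    "http://hotmail.com.login-check.example.net/signin",
    "https://live.com@phish.example.net/",
    "https://hotmai1.com/",
    "https://www.example.org/",
]


def audit(links):
    """Classify every link; returns a list of (url, verdict) pairs."""
    return [(url, classify_login_link(url)["verdict"]) for url in links]


if __name__ == "__main__":
    for url in SAMPLE_LINKS:
        result = classify_login_link(url)
        print(f"{result['verdict']:10} {url}")
        for reason in result["reasons"]:
            print(f"           - {reason}")
```

The checks are deliberately ordered: the allow-list is consulted against the real host that `urlsplit` extracts, so a link such as `https://live.com@phish.example.net/` is judged on `phish.example.net`, not on the familiar text in front of the `@`. Only after the genuine domain check fails does the brand-token heuristic run, which keeps a real `login.live.com` link from being flagged merely for containing "live".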
Among all this mystery, the good news for Australians is that most of the hacked accounts appear to be in Europe, which is equally bad news for Hotmail account holders in the UK. To make matters worse, while Hotmail has almost a 28% share of the world webmail market, the UK alone accounts for some 14 million email users.
While Microsoft has already confirmed the leak on the Internet, even if your Hotmail account appears to be safe for now, “TechChunks” STRONGLY recommends that you change your Hotmail password and security question immediately.
UPDATE! Microsoft’s official statement and guidelines about how people can register their details if their account has been compromised and hacked:
“We are aware that some Windows Live Hotmail customers’ credentials were acquired illegally by a phishing scheme and exposed on a website. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation. As part of that investigation, we determined that this is not a breach of any Microsoft servers. Subsequently we are taking measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts.
If users believe their information was documented on the illegal list, users should fill out the following form to reclaim access to their account. Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience. General information on what to do if you believe you have been victimized via a phishing scam is available on this page at our support community.
Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience. Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software.
Microsoft recommends customers use the following protective security measures:
> Renew their passwords for Windows Live IDs every 90 days
> For administrators, make sure you approve and authenticate only users that you know and whose credentials you can verify
> As phishing sites can also pose additional threats, install and keep anti-virus software up to date”
– Leah Grayson, Microsoft Press Office
Do you have a Hotmail e-mail account? Have you been affected by the issues in this story? Was your Hotmail account compromised and hacked in the recent phishing scam? Share your experiences with us using the comment form below.