Thousands of Hotmail passwords have been hacked and posted online, BBC News has learnt.
Microsoft, which owns the popular web-based e-mail system, said that it was aware of the claims and that it was "investigating the situation".
BBC News has seen a list of more than 10,000 accounts, which technology blog Neowin.net said had been posted online.
The blog suggested the accounts had been hacked or had been collected as part of a phishing scheme.
Phishing involves using fake websites to lure people into revealing personal details such as bank accounts or login names and passwords.
"At the moment we don't know how the hackers got the passwords or how many they got," Graham Cluley, consultant at security firm Sophos, told BBC News.
"It could just be a subset that they posted online."
'Rapid response'
Neowin claims the details were posted on 1 October to pastebin.com, a website commonly used by developers to share code.
Although the details have since been removed, BBC News and Neowin has seen a list of 10,027 names beginning with the letters A and B.
BBC News has confirmed that the accounts are genuine.
"Most appear to be based in Europe," Tom Warren, a neowin blogger, wrote on the site.
The list included details of Microsoft's Windows Live Hotmail accounts with email addresses ending hotmail.com, msn.com and live.com.
Microsoft said it had "been made aware of the claims that Windows Live IDs and passwords have been made available on the web".
"We're actively investigating the situation and will take appropriate steps as rapidly as possible," a spokesperson said.
Mr Cluley advised hotmail users to change their password as soon as possible.
"I'd also recommend that people change the password on any other site where they use it," he said.
Around 40% of people use the same password for every website they use, he added.
Hotmail is currently the largest web-based email service.
Source:
Microsoft, which owns the popular web-based e-mail system, said that it was aware of the claims and that it was "investigating the situation".
BBC News has seen a list of more than 10,000 accounts, which technology blog Neowin.net said had been posted online.
The blog suggested the accounts had been hacked or had been collected as part of a phishing scheme.
Phishing involves using fake websites to lure people into revealing personal details such as bank accounts or login names and passwords.
"At the moment we don't know how the hackers got the passwords or how many they got," Graham Cluley, consultant at security firm Sophos, told BBC News.
"It could just be a subset that they posted online."
'Rapid response'
Neowin claims the details were posted on 1 October to pastebin.com, a website commonly used by developers to share code.
Although the details have since been removed, BBC News and Neowin has seen a list of 10,027 names beginning with the letters A and B.
BBC News has confirmed that the accounts are genuine.
"Most appear to be based in Europe," Tom Warren, a neowin blogger, wrote on the site.
The list included details of Microsoft's Windows Live Hotmail accounts with email addresses ending hotmail.com, msn.com and live.com.
Microsoft said it had "been made aware of the claims that Windows Live IDs and passwords have been made available on the web".
"We're actively investigating the situation and will take appropriate steps as rapidly as possible," a spokesperson said.
Mr Cluley advised hotmail users to change their password as soon as possible.
"I'd also recommend that people change the password on any other site where they use it," he said.
Around 40% of people use the same password for every website they use, he added.
Hotmail is currently the largest web-based email service.
Source:
Code:
http://news.bbc.co.uk/1/hi/technology/8291268.stm
Comment