On October 1st, an anonymous user over at www.pastebin.com, a site often used by developers to share pieces of coding, pasted a list of Hotmail accounts with passwords that numbered in the thousands. The list, which has been verified to exist by both www.neowin.net who broke the story on the 5th of October, and Microsoft itself, was said to contain accounts running through A to B, and include accounts making use of @hotmail.com, @msn.com and @live.com.
According to a Microsoft spokesperson,
“over the weekend Microsoft learned that several thousand Windows Live Hotmail customer’s credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.”
There are also unconfirmed reports that most of the said accounts were based in Europe, although as yet Microsoft have not commented on this.
Users of the Windows Live mail service are urged to change their passwords and security questions following this reported leak as lists similar to the one posted may exist.