Millions of Hotmail, Google G Mail and Yahoo email users are set to be forced to change their passwords say sources following a massive global security breach that has seen the email services of millions of user compromised.
Millions of Hotmail, Google G Mail and Yahoo email users are set to be forced to change their passwords say sources following a massive global security breach that have seen the email services of millions of user compromised.
The move to force email password upgrades is being made after passwords were obtained by hackers who created a fake website identical to Hotmail’s to fool users into entering their email address and password in a ‘phishing’ scam. The emails along with users names were seen being sold on underground internet sites by UK security agents say sources at Microsoft.
The BBC claims that a list of over 30,000 email addresses and passwords was circulating online which contains the details for Gmail, Yahoo! Mail, AOL, Comcast and Earthlink accounts.
Defrauded: A list of over 20,000 email addresses and passwords of users of services including Gmail and Yahoo! Mail has leaked online (file picture)
‘Phishing’ scams involve using false websites to lure people into revealing important data such as bank account details, login names or passwords. Hotmail’s list of users was posted anonymously on to Pastebin.com on October 1. The list was reported by technology blog Neowin.
It is feared that the information could be used by fraudsters to access email accounts and steal personal information such as credit card account details.
In a posting today on Pastbin, the site administrator writes “It seems that a list of 10,000 Hotmail usernames and passwords has been posted on pastebin.com in recent days.
Pastebin was created as a tool to aid software development, not to distribute this sort of material. As a result of the interest this story is generating, pastebin.com is experiencing huge levels of activity – as a result I took it offline to ensure all the offending material has been removed, and have adjusted the abuse filters prevent re-occurence”.
Pastebin is now telling visitors to :
– Change your passwords every 90 days
– Use different passwords for various internet log-ins
– Do not open unsolicited email attachments and links
The site, which is intended for web developers to share code, has since been taken down for maintenance.
According to wire services, a spokesman for Google, which runs Gmail, said: ‘We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail account. ‘It is early days but we have yet to receive reports of fraud linked to this breach.’
A Microsoft spokesman added: ‘We are aware that some Windows Live Hotmail customers’ credentials were acquired illegally and exposed on a website. ‘Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. ‘We are working diligently to help customers regain control of their accounts.’
A spokesperson for Yahoo urged consumers to ‘take measures to secure their accounts whenever possible, including changing their passwords’.