More than 20,000 Hotmail passwords leaked

Several thousands passwords for European users of Microsoft’s e-mail and identity service Hotmail/Windows Live ID have been published on the Web, according to information published by Neowin. The Windows Live team states:

We immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.

On October 1, data sets of customers whose e-mail addresses start with A or B had been published on pastebin.com, a service storing any kind of text snippets. According to Microsoft, the data are like to have been stolen with a widespread phishing attack. In the meantime, the Windows Live team has locked access to all compromised accounts, whose domains ended in hotmail.com, msn.com and live.com.

Make your Windows Live Hotmail account safe

If your account has been locked by Microsoft to prevent abuse, follow these simple steps to unlock it:

1. Open the site https://support.live.com/eform.aspx?productKey=wlidvalidation&ct=eformcs&scrx=1.
2. Fill in the form as accurately as possible, then submit it.

What to think about

• Make sure to renew your Hotmail password every 90 days. I will write a step-by-step guide about this shortly.
• You cannot find out whether a contact of yours has blocked you in Windows Live Messenger. Sites and services claiming to be able to tell you this are fake and were only created to steal your Windows Live password.
• Enter your Windows Live password only on websites when the URL starts with “https://login.live.com/” and is marked by a valid security certificate.
• Install and keep your anti-virus software up-to-date, e.g. by using Microsoft Security Essentials.
• If you use the same password for other services, too (not recommended anyways!), change it there.