Hotmail, Gmail, AOL and Yahoo email passwords hacked, accounts at risk

[Al-khiyal]

Cybercriminals attack 20,000 email accounts

October 6, 2009 -- A cyber crime wave in which 20,000 email passwords were hacked and posted online by malicious internet criminals has caused widespread panic today. Technology blog neowin.net reported that an anonymous user had posted the details of 10,000 Windows Live Hotmail accounts - which includes hotmail.com, msn.com and live.com - on a website. Today it revealed 10,000 more email account details are circulating, affecting Gmail, Comcast, Earthlink and other popular services.

Microsoft has confirmed that Hotmail customers were hit by a "likely" phishing attack. In a statement, it said: "Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."

Of the first 10,000 hacked accounts Neowin administrator Tom Warren wrote on the blog: “The details have since been removed but Neowin has seen part of the list posted and can confirm the accounts are genuine and most appear to be based in Europe. The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists." The blog suggested the details were obtained through a hack or “phishing” scam, in which fake websites are used to trick people into revealing usernames, passwords and other information.

Chief technical officer of Forward Internet Group, Lukas Oberhuber, told Dailstar.co.uk: "What it looks like is that Microsoft has blocked access to what they believe are the affected accounts. There is a form on Windows Live to fill out and reclaim access to your account. But I don't know what Microsoft were thinking when they designed this form but it looks just like a phishing website. It asks you to input so many personal details. I feel suspicious when I look at it. They really should have a simple website that it well publicised and easier to locate."

The site on which the 10,000 passwords were published, Pastebin.com, was offline today, with a 'down for maintenance' message posted in place of its homepage. Creator Paul Dixon wrote: "Pastebin.com was intended as a tool to aid software developers, not for distributing this sort of material. Filters have been put in place to prevent reoccurrence, but the current traffic level is unsustainable. Pastebin.com is just a fun side project for me, and today it's not fun. It will remain offline all day while I make some further modifications."

INTERNET PHISHING Q & A

What is phishing?

Cybercriminals use fake websites to lure people into revealing their personal details such as their online banking passwords and login details. A stolen identity can then be sold on to other fraudsters who might use it to launder money, create false documents and commit benefit fraud.

How can I recognise an internet scam?

Microsoft advises asking the following questions:

1 Does it ask you to send your personal information?
2 Is it poorly worded or does it have typos?
3 Does it contain convincing details about your personal information?
4 Does it use phrases like “verify your account” or “you’ve won the lottery?”

The most important thing to remember is do not click on the link or give out your personal information. It is possible for your computer to become infected with malicious software simply by visiting a phishing site.

How do I know if my email account has been affected?

Microsoft has blocked access to all the affected accounts, follow the instructions on your sign in page.

How can I safeguard my personal details?

Phishing is hard to defend against. If you think your email account has been compromised and you have any emails in your inbox containing account numbers or passwords, change them as soon as possible. In future be highly suspicious of websites that ask for your personal details and ignore emails from banks that ask you to submit your online banking password with a click through link. Do not click on links sent to you by friends until they have verified sending it.

How can I avoid future scams?

Change your passwords regularly, make sure your internet browser has up-to-date anti-phishing filters and safeguard against viruses with anti-viral software. Be overly suspicious of inputting your personal details online.

[Al-khiyal]

Gmail, AOL and Yahoo email logins posted online in phishing scam

October 6, 2009 -- More than a quarter of a million email accounts on the biggest webmail services are believed to be at risk from online criminals after thousands of passwords belonging to users of the Yahoo, AOL and Gmail services were posted online. The breach, likely to be the accumulation of a number of separate phishing attacks using fake sites to lure people to leave login details, is believed to be one of the biggest of its kind. Graham Cluley, a consultant for the security company Sophos, said: "The danger is that people will be using the same password on many different sites, so the criminals will go and try them on Amazon or PayPal or wherever." Users of those services, and of Microsoft's Hotmail service, are being urged to change their passwords and the security question they use as a precaution.

The discovery comes after 10,000 passwords belonging to Hotmail users with accounts beginning with A or B were found posted online over the weekend. That list suggests there could be about 130,000 compromised Hotmail accounts in all, from its total of 250 million. It emerged today that Yahoo, the biggest online email provider, with about 260 million users, Google's Gmail, with about 100 million users, and AOL, with 50 million, have also been targeted. If the proportion of successful phishing attacks on those users is similar to those affected on Hotmail, more than 250,000 account details would have been captured.

Phishing uses emails with credible-looking web links which lure the reader to click on them and enter personal details. Some masquerade as coming from banks or PayPal, for example, and take the user to fake sites that use the same images as the genuine ones. There they are asked to enter personal information, which can be used to log in to the original email account, and take control of it and other services that use the same details. Tom Warren, a writer at Neowin.net, which discovered the breaches, noted that many of the Hotmail passwords seemed to come from Europe, suggesting that British users could be substantially affected.

[FORTUNATO]

must be El-qaida

Kaddafi already said it¨
" the cyber war is coming..."

[amalgamate]

^^ funny dude

but wow, we all gots to watch our email and hope it's not affected