PC Magazine Wrote: Gmail Also Nailed by Phishing Attacks, Google Says
Over this past weekend the credentials for several thousand Microsoft Hotmail accounts were posted online. Microsoft has confirmed the list was authentic, worked to get it taken down and deactivated the accounts. If your account was affected you can fill out this form to reclaim account access.
Then today Google told the BBC that Gmail had been similarly targeted. The BBC reported that they had seen a list with more than 30,000 names and passwords.
Microsoft says that the Hotmail accounts appear to have been compromised through "a likely phishing scheme," not through any problem in Hotmail. Google's response was similar: "We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including GMail accounts...As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them."
What more is there to say about such problems? Users need to be able to recognize illicit attempts to elicit their account information. The Microsoft blog linked to above has some good, general advice on recognizing phishing scams.
It's also possible for attackers to steal account access through other attacks, such as dictionary attacks, which attempt to use common words (such as "password") as the password. Brian Krebs of the Washington Post has some good general guidelines on password selection in his report on this attack.
Pastebin, the site on which the Hotmail accounts were posted, is designed for programmers to share source code. Since the news broke of this disclosure, the owner, a completely innocent bystander in this business, has had to take the site down and work, undoubtedly for free, on measures to secure his site against such abuse in the future. I feel sorry for him, at least as sorry as I feel for people who gave up their e-mail passwords unwittingly.
The passwords were stolen from people who were gullible enough to answer e-mails from the "administration" requesting their passwords.
Gotta facepalm a bit.
All morons hate it when you call them a moron.
Somehow spammers were able to send stuff from my Hotmail address recently. I never give out my password anywhere and I didn't get phished. Scary stuff.
I know a way some get MSN passwords.
They use a website known as MSNblocked or whatever.
It's not from MSN, and it asks you for your email and password, saying "We don't keep them," and the first thing that happens after you enter your info there is that they use your account to send the link to the website to all your contacts.
Still, my password is pretty darn secure ATM.
I will still change it. No need to take any kind of risk.