Hotmail phishing attack - official statement from Microsoft

6 October 2009

Yesterday we told you about security issues with Hotmail, after 10,000 account names and passwords appeared in a developer forum. At the time it was unclear how the information had been acquired, but Microsoft has now confirmed it was through a phishing scam. The big dogs have been in touch with Bitterwallet to provide a full statement on the matter:

We are aware that some Windows Live Hotmail customers’ credentials were acquired illegally by a phishing scheme and exposed on a website. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation.

As part of that investigation, we determined that this is not a breach of any Microsoft servers. Subsequently we are taking measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts.

If users believe their information was documented on the illegal list, users should fill out this form to reclaim access to their account. Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience.

TOPICS:   Scams


  • Adam
    Just me or does this Microsoft webpage look a bit like a "phishers" wet dream don't they tell you NEVER to disclose this kind of info? Surely the only secure way of resetting accounts is to do so via the telephone, so that info can be asked for and verified, it's the only way we'll do it where I work.
  • no
    what a load of phish
  • Thousands B.
    [...] Hotmail phishing attack – official statement from Microsoft … [...]
  • Email B.
    [...] phishing attack we first alerted you to on Monday is spreading to other webmail services besides Hotmail and is self-propagating, sending emails to [...]

What do you think?

Connect with Facebook, Twitter, or just enter your email to sign in and comment.

Your comment