Microsoft admitted that thousands of users of its Windows Live Hotmail web-based email service were likely victims of a so-called phishing attack. But the company denied that Hotmail had been hacked. Instead, users were apparently fooled into giving up their account information.
"Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site due to a likely phishing scheme," a Microsoft spokesperson said. "We immediately launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."
What makes this attack a bit different is that someone anonymously posted the stolen account data—including logon names and passwords—to a developer-oriented website. The posting has since been removed at Microsoft's request, but according to Neowin, which reported on the posting Monday, there were over 10,000 Hotmail accounts involved starting with the letters A and B alone.
That number suggests that over 100,000 Hotmail accounts were possibly involved, or somewhere around 0.5 percent of the 400 million Hotmail users worldwide. Microsoft recommends that all Windows Live Hotmail users change their passwords just in the case.