IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft confirms Hotmail phishing attack

Security experts warn Hotmail users to change their passwords immediately.

Microsoft has confirmed that Hotmail customers were hit by a phishing attack, resulting in the release of thousands of passwords online.

Last Thursday, an anonymous user posted details of over 10,000 accounts - with addresses starting with the letters A or B - on a developer site.

Although the precise cause of the leak is still unclear, Microsoft said that once it had learned of the issue, it requested that the credentials were removed and launched an investigation.

A spokesperson said in a statement: "As part of that investigation, we determined that this is not a breach of any Microsoft servers."

The statement added: "Subsequently we are taking measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts."

Microsoft also said that phishing was an industry wide problem, and advised users to keep anti-virus software up to date as well as renew passwords every 90 days.

IT security firm Sophos said that users of Microsoft's online services should change their passwords, and the fact that the accounts began with A or B suggested that it could be the "tip of the iceberg".

"My recommendation for users of Microsoft's online services is to change your passwords immediately," said Sophos senior security advisor Chester Wisniewski in a statement.

"You are better to be safe than sorry, and password rotation is something we are often to lazy to do," he added.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

The IT Pro Products of the Year 2021: The year’s best hardware and software
Hardware

The IT Pro Products of the Year 2021: The year’s best hardware and software

31 Dec 2021
Sophos Intercept X Advanced review: AI-powered protection
endpoint security

Sophos Intercept X Advanced review: AI-powered protection

30 Nov 2021
Education and government most at risk from email threats
phishing

Education and government most at risk from email threats

26 Nov 2021
Attackers use CSS to fool anti-phishing systems
phishing

Attackers use CSS to fool anti-phishing systems

11 Nov 2021

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
IT admin deletes company’s databases and is jailed for seven years
Policy & legislation

IT admin deletes company’s databases and is jailed for seven years

16 May 2022