Microsoft has confirmed that Hotmail password details were posted online as a result of a phishing scam.
The details of thousands of accounts were posted up earlier this week, and according to a piece in The Guardian, Microsoft said that its security wasn’t at fault.
“Over the weekend, Microsoft learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site due to a likely phishing scheme,” Microsoft stated in the Guardian report.
Neowin, the site that first broke the story, is now claiming that more lists of login details are circulating, and over 20000 accounts are affected (double the original number).
Neowin says these aren’t just Hotmail accounts either, but non-Hotmail passport accounts: “A new list contains email accounts for Gmail, Comcast, Earthlink and other third party popular web mail services. It’s not clear if this is login information for the service itself or the Microsoft Passport passwords.”
Security experts are advising that Hotmail users change their passwords.