Wednesday, 7 October 2009

Passwords Posted On Line

An anonymous personr posted details of thousands of accounts on October 1 at pastebin.com, a site commonly used by developers to share code. The details have since been removed, the accounts are genuine and most appear to be based in Europe. The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists.

Currently it appears only accounts used to access Microsoft's Windows Live Hotmail have been posted, this includes @hotmail.com, @msn.com and @live.com accounts.

According to a Microsoft spokesperson "over the weekend Microsoft learned that several thousand Windows Live Hotmail customer's credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."

It is recommended that users change their passwords.

A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456″ was the most commonly used password, appearing 64 times.

Forty-two percent of the passwords used lowercase letters from “a to z”; only 6 percent mixed alpha-numeric and other characters. Around 40% of people use the same password for every website they use.

http://www.wired.com/threatlevel/2009/10/10000-passwords/
http://news.bbc.co.uk/1/hi/technology/8291268.stm

No comments: