Microsoft confirms Hotmail phishing attack
Security experts warn Hotmail users to change their passwords immediately.

Microsoft has confirmed that Hotmail customers were hit by a phishing attack, resulting in the release of thousands of passwords online.
Last Thursday, an anonymous user posted details of over 10,000 accounts - with addresses starting with the letters A or B - on a developer site.
Although the precise cause of the leak is still unclear, Microsoft said that once it had learned of the issue, it requested that the credentials were removed and launched an investigation.
A spokesperson said in a statement: "As part of that investigation, we determined that this is not a breach of any Microsoft servers."
The statement added: "Subsequently we are taking measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts."
Microsoft also said that phishing was an industry wide problem, and advised users to keep anti-virus software up to date as well as renew passwords every 90 days.
IT security firm Sophos said that users of Microsoft's online services should change their passwords, and the fact that the accounts began with A or B suggested that it could be the "tip of the iceberg".
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"My recommendation for users of Microsoft's online services is to change your passwords immediately," said Sophos senior security advisor Chester Wisniewski in a statement.
"You are better to be safe than sorry, and password rotation is something we are often to lazy to do," he added.
-
96% of SMBs are missing critical cybersecurity skills – here's why
News The skills shortage hits SMBs worse as they often suffer from a lack of budget and resources
By George Fitzmaurice
-
Sophos Firewall Virtual review: Affordable network protection for those that like it virtualized
Reviews Extreme network security that's cheaper than a hardware appliance and just as easy to deploy
By Dave Mitchell
-
MSPs are struggling with cyber security skills shortages
News A shortage of tools and difficulties keeping pace with solutions were also ranked as key issues for MSPs
By George Fitzmaurice
-
Nearly 70 software vendors sign up to CISA’s cyber resilience program
News Major software manufacturers pledge to a voluntary framework aimed at boosting cyber resilience of customers across the US
By Solomon Klappholz
-
Sophos and Tenable team up to launch new managed risk service
News The new fully managed service aims to help organizations manage and protect external attack surfaces
By Daniel Todd
-
Ransomware groups are using media coverage to coerce victims into paying
News Threat actors are starting to see the benefits of a more sophisticated media strategy for extracting ransoms
By Solomon Klappholz
-
Shrinking cyber attack “dwell times” highlight growing war of attrition with threat actors
News While teams are becoming more proficient at detecting threats, attackers are augmenting their strategies
By Ross Kelly
-
Cyber security in the retail sector
Whitepapers Retailers need to ensure their business operations and internal data aren't breached
By ITPro