A new wave of details and even more questions related to the disclosure of Hotmail, MSN, and Live! credentials were recently revealed by Neowin.com. The BBC reported on another 20,000 credentials posted on pastebin.com. They also disclosed that Google found a third list of credentials of undisclosed size.
The credentials were not limited to Microsoft services; they also included Yahoo!, Gmail, AOL, Comcast, and Earthlink.The breadth and scope of this is intriguing as Microsoft and Google both have made statements insisting it is the result of phishing.I am not willing to say it is not phishing, or related to phishing; however, it could be a combination of attacks leading to this large quantity of compromised accounts.Many trojans and other malware capture and upload any credentials cached by Internet Explorer and Firefox.I recently mentioned the chance this was related to a MSN Messenger friends block verification scam that was popular at the end of August and beginning of September.Earlier, SophosLabs reported on a similar scam targeting Microsoft passwords.This alone implies that if it is only phishing, multiple tactics were taken.Many users have expressed concern to me today regarding the difficulty in changing their Microsoft credentials.When logging into your Hotmail or other Live! ID account it is not obvious how to change your password.You wouldnt think Microsoft would make something so important so difficult, but they do.Here is the easiest way I have found to change your Live!/Passport password.Go to http://login.live.comEnter your email address and password for the account in questionSelect CredentialsChoose Change your passwordWhile entering the details I recommend checking the box Make my password expire every 72 daysYou might ask, Why would these thieves post these passwords in a public forum?.This is not entirely clear, but the precedent would be credit card thieves.They often steal hundreds, or thousands of cards and post a sample on underground message boards to demonstrate that they have real cards.Then they are able to sell the rest with the purchaser having been able to test the validity of their claim.If the 30,000 are a limited sample of what they have obtained, then this could be a demonstration to potential customers of the stolen logins.If this is true the 30,000 users are the lucky ones.Microsoft, Google and the others can lock these accounts and prevent their further abuse.The remaining undisclosed accounts are free for the taking if users dont hear the message to change their passwords and better protect their identities.What value do stolen email accounts have? Two primary scams come to mind.The hackers are able to penetrate the trust barrier.Your webmail account often contains a list of friends, family and acquaintances who trust you.This enables the attacker to victimize these contacts by virtue of their relationship with you.Logging into your account hackers are able to determine what other online services you use, and are able to perform password resets.This widens the net of identities they can capture and potentially enables them to reset your passwords to bank accounts, online payment systems, and other critical accounts.If it is not already clear, reset all of your passwords.Be more vigilant than ever about clicking links in emails, even links on search engines.Only provide your credentials to websites that provide the service for which the user ID belongs.
What You Should Know About the EB-5 Investor Visa Process
This article will address important aspects of the EB-5 Investor Visa Program that you should be aware of when preparing to go through the application process.
How to attain a Green Card Through the EB-5 Investor Visa Program
This article will summarize the steps necessary to obtain an EB-5 Investor Visa.
iPhone Apps For Children: Maybe you should hand your kids your iPhone, after all
Many applications for the iPhone are well suited for children. This articles explores a number of these Apps.
