Someone went phishing: Thousands of Hotmail accounts compromised

Tom Warren at Neowin.net is reporting on the temporary release of thousands of Hotmail addresses and passwords, apparently gathered in some kind of phishing scam.  Microsoft is “actively investigating”, according to Neowin.  While this is never good news, the compromised accounts don’t appear to be the result of a breach of security within Microsoft or Hotmail, but rather of a phishing scam.

We monitor Twitter for a number of keywords/phrases, and are amazed at how lackadaisical some people are about protecting their identities.  We also came across a tweet pointing to a website promising “Free Microsoft Points”, which shows at least one way email phishing can/could take place.  On the website, potential victims are asked to send a points “generator algorithm” to an email address (obviously, do not do this!!!!!):

“<your email address>start generator<your gamertag>

/v3.0/<how many microsoft points you want>

/generator.mc.v3<yourpassword>generatenow”

So, send us your email, gamertag, and password, wait (don’t change your password!), and you’ll get free points!  Sad to think how many people (and we would think especially kids who are eager for a free way to get more game time) would/do fall for this.  The site has been reported, but at this writing is still functioning.

Unless you are prone to falling victim to such scams, you’re probably OK, but we agree with Tom Warren that it’s a good idea to take the extra step and change your passwords.

Update: WindowsLiveWire has a post up on the issue and on protecting yourself from phishing.