Password Scam Widens To Google, Yahoo

[Kat]

The scale of the phishing attack on Hotmail could stretch further than first thought, with accounts on Google and Yahoo now threatened.

Microsoft confirmed on Monday that the popular email site had been the target of a scam which tricked users into revealing their passwords. This led to around 10,000 passwords being posted online.

The computer company said their servers were not responsible for the security breach and that individuals had been conned into handing over their details. But it has been reported that more lists have also been circulated with genuine account information relating to email on Google, Yahoo, Comcast and Earthlink, as well as other third-party web mail services.

Neil O'Neil, an ethical hacker and digital forensics investigator at secure payments specialist The Logic Group, said up to a million passwords could have been accessed.

"Making the breach public so soon after the attack occurred has allowed unethical hackers to access the passwords very easily, even though they were deleted a couple of days ago at the request of Microsoft," he explained.

"People tend to have the same password across many accounts — so there is a good chance that individuals have also compromised the integrity of their ebay or paypal accounts too.

"The list went through A and B, so you would think whoever released these has more. And if you do the maths, they could have more than a million



LINK

 

[KittenKoder]

Note to internet users (who don't already know):

Look at where you enter the password, only enter it in official pages (make sure the URL address is correct not just look at the site). Never send them via email, even if the company asks (most do not ask in email as a precaution).

As a side note: Damn, can't use this as an example of Microsucks fucking up this time.

 

[xotoxi]

The scale of the phishing attack on Hotmail could stretch further than first thought, with accounts on Google and Yahoo now threatened.

*DAMN! They're on to me!

Now I'm going to have to redouble my efforts to prevent from being caught!*
​

 

[PLYMCO_PILGRIM]

Note to internet users (who don't already know):

Look at where you enter the password, only enter it in official pages (make sure the URL address is correct not just look at the site). Never send them via email, even if the company asks (most do not ask in email as a precaution).

As a side note: Damn, can't use this as an example of Microsucks fucking up this time.

In addition to KK's password advice i'd like to add my own.

NEVER, EVER, EVER, share your password with ANYONE who asks for it online....EVER.

 

[xotoxi]

Note to internet users (who don't already know):

Look at where you enter the password, only enter it in official pages (make sure the URL address is correct not just look at the site). Never send them via email, even if the company asks (most do not ask in email as a precaution).

As a side note: Damn, can't use this as an example of Microsucks fucking up this time.

In addition to KK's password advice i'd like to add my own.

NEVER, EVER, EVER, share your password with ANYONE who asks for it online....EVER.

Everytime I receive an email with links in it (such as from a company like ebay or Medscape or something else to which I am subscribed), I will always mouseover the links before I click them.

There have been many times that I've received emails with links only to find that following the links will lead to porn or another unsavory website.

Additionally, spammers have created an ingenious way of bypassing email spam blockers...they use your own email address as their return address.

 

[Luissa]

last time i logged onto yahoo, it asked me to give my cell phone number and some other info in case I forgot my password. Do you think that was a scam? I didn't feel it out, I am little sensitive because my myspace got hacked once.

 

[KittenKoder]

last time i logged onto yahoo, it asked me to give my cell phone number and some other info in case I forgot my password. Do you think that was a scam? I didn't feel it out, I am little sensitive because my myspace got hacked once.

It's not an illegal scam, but Yahoo gathers that info to sell to advertisers sometimes so I wouldn't. I stopped going there a long time ago, Google is the only service I use, and all the co-op sites with Google (Picassoweb, Youtube, etc.).

 

[Luissa]

I have had that email for four years now, I only keep it because I have some old friends that only know that address.

 

[Ringel05]

Note to internet users (who don't already know):

Look at where you enter the password, only enter it in official pages (make sure the URL address is correct not just look at the site). Never send them via email, even if the company asks (most do not ask in email as a precaution).

As a side note: Damn, can't use this as an example of Microsucks fucking up this time.

In addition to KK's password advice i'd like to add my own.

NEVER, EVER, EVER, share your password with ANYONE who asks for it online....EVER.

If anyone asks for password I give them this one - gophucurself96

 

[RodISHI]

last time i logged onto yahoo, it asked me to give my cell phone number and some other info in case I forgot my password. Do you think that was a scam? I didn't feel it out, I am little sensitive because my myspace got hacked once.

Give them an odd number on forms that require such numbers. I use zero's or one's or the # for information (area code) 555-1212 when I do not want to give my real phone number out