Wednesday, November 16, 2011

Reddit User Discovers Login Credentials for 47k MSN, Hotmail Email Accounts

Roddds Script ResultsReddit user, “Roddds” recently stumbled across a zip file that contained the login credentials for 47,130 MSN and Hotmail email accounts.

The list was discovered after Roddds received a typical phishing email and opened the URL provided within the email without the .php file at the end. Inside the server directory was an assortment of files, including the zipped text file containing the list of MSN and Hotmail email addresses with their corresponding passwords.

“I wrote a Python script to test if the accounts were still valid without actually looking into these people's emails”, Roddds wrote in a Reddit post, “This script has been running for about 2 hours now, and about 85% of the credentials I've tested are still valid.”

Upon learning that majority of the login credentials were genuine, Rodds contacted Microsoft - who owns both MSN and Hotmail - and sent them the list. The server hosting the file was taken down shortly thereafter.

If you suspect that your Hotmail or MSN account has been compromised, it’s highly recommended that you change your password immediately.

Additionally, you can wander over to pwnedlist.com and see if your email address has been found in another list that has been released to the public.

Users should avoid entering login information when clicking links from unsolicited emails as they may run the risk of submitting their login information to a third-party. Always be sure to either check the URL in the address bar before entering your username/password or type the URL of the website you wish to visit directly into the address bar to prevent your login details from ending up in the wrong hands.

Be sure to follow us on Twitter @hyphenet and “Like” us on Facebook for the latest tech news and PC security threats. 

No comments:

Post a Comment