The Phishing attack we reported yesterday now appears to be more widespread than just Hotmail email accounts, with the BBC reporting that they’ve now seen details of accounts from Yahoo!, AOL, GMail and other service providers posted online.
The BBC said…
The list was published on the same website as the original list of 10,000 Hotmail login details.
Some of the accounts appear to be old, unused or fake. However, BBC News has confirmed that many – including Gmail and Hotmail addresses – are genuine.
Other addresses include Comcast and Earthlink accounts.
This will make this the biggest and most wide-ranging phishing attack the world has yet seen, though, while the new batch of email details were posted to the same website as yesterday’s 20,000+ Hotmail accounts, there’s as yet no proof that these two events are linked.
In a statement, Microsoft said..
"Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software."
Again the advice is to change both your password and your security question for your email account. However there is also the issue that many people, it’s reported worldwide up to 40% of us use the same username / password combination to log into other websites. These may include Amazon, Ebay and Paypal.
While your bank’s online system may be much more secure, those for websites where you can still make financial transactions are not.
It could well be argued that now is the time for these websites to make a switch to a more secure login system, allowing you to keep the username and password you have but asking instead for random characters accompanied perhaps by a pin number.
Technology site neowin.net was the first to break the news yesterday. It said the Hotmail, MSN and Live account details were posted on October 1st at pastebin.com, which is currently down for maintenance after receiving "an unprecedented amount of traffic" according to site owner Paul Dixon.
He described pastebin as “just a fun side project for me, and today it’s not fun. It will remain offline all day while I make some further modifications,""
