Twenty-four hours after news broke that someone posted usernames and passwords for 10,000 Microsoft Hotmail customers, it was discovered that a similar list with information on thousands of Gmail, AOL and Yahoo Mail were online as well. In light of the news, here are some tips about staying safe online.
A day after reports surfaced that 10,000 Microsoft Windows Live Hotmail user credentials had been stolen and posted online, the BBC has reported seeing a list of some 20,000 e-mail accounts and passwords belonging to users of Google Gmail, AOL,
Yahoo Mail, Comcast and Earthlink. In both cases, officials laid the blame for the data exposure on phishers.
"We recently became aware of a phishing scheme through which hackers
gained user credentials for Web-based mail accounts including a small
number of Gmail accounts," a Google spokesman said. "As soon as we
learned of the attack, we forced password resets on the affected
accounts. We will continue to force password resets on additional
accounts if we become aware of them."
Similarly, officials at Yahoo confirmed a phishing attack had claimed
user credentials and urge the public to review information Yahoo has on
Among other things, the company recommends users be wary of pop-up
warnings and avoid clicking on them if they look suspicious.
and phishing attacks are an ongoing and industry-wide issue and Yahoo
takes great effort to protect our users' security," the spokesperson
said. "We urge consumers to take measures to secure their accounts whenever possible, including changing their passwords."
In addition, Google reminded users to only provide Gmail log-in information to sites starting with https://www.google.com/acounts
and never to click through any warnings their browsers may raise about certificates.
MessageLabs Intelligence senior analyst for Symantec Hosted Services,
noted that the impact of phishers getting their hands on this kind of
information can be widespread, going beyond the accessing of the actual
from accessing the user's Webmail accounts, e-mail addresses are
commonly used to log into social networking sites," Wood said. "So with
a successful phishing attack, the bad guys not only gain access to an
individual's e-mail account, but also a variety of other sites that may
be linked to that account. People should be advised not to share the
same password for these sites and should change their passwords at
least every 90 days."
The attack also had a side effect - it showed that many users
utilizing weak passwords to protect their accounts. According to an
analysis by Acunetix, 42 percent of the roughly 10,000 Hotmail
passwords were "lower alpha" - meaning they contained only letters.
Nineteen percent contained only numbers, and the most common password
"As we can see...a big majority of Internet users still use very poor passwords," blogged Bogdan Calin of Acunetix.