Microsoft Blames Hotmail Data Leak on Possible Phishing Attack

Microsoft confirmed thousands of Hotmail customers had their usernames and passwords posted recently on a third-party site as a result of a likely phishing attack. An investigation by Microsoft has determined that there was no breach of internal data on the company's part.

Officials at Microsoft confirmed that thousands users of Windows Live Hotmail had their user credentials posted on a third-party site.

According to Microsoft, the username and password information was likely swiped in a phishing scheme, and the company is currently working with customers who were affected. The situation appears to have been first reported by, which reported finding some 10,000 usernames and passwords on The information was posted by an anonymous user on Oct. 1. The post has since been taken down.

According to, the list ran from A to B and included, and accounts. Most of the accounts appear to be based in Europe,the publication added.

In response to reports, a Microsoft spokesman issued this statement:

""Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.""

Microsoft also recommended customers renew their passwords for LIVE-IDs every 90 days and keep their antivirus software up-to-date.

"For administrators, make sure you approve and authenticate only users that you know and can verify credentials," the spokesman said.