Microsoft acknowledges Windows Live ID breach

The credentials of thousands of Microsoft Windows Live ID accounts were posted online late last week, company officials said Monday.

The company confirmed Monday in a blog post that several thousand Windows Live customers had their usernames and passwords exposed on a third-party site over the weekend.

"Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers," the post said. "As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."

Windows Live IDs let users gain entry into Hotmail, Messenger, Xbox LIVE, according to Microsoft. The usernames and passwords that were leaked may also be used for other Microsoft services, including the company's web-based Office program and the Skydrive online storage service.

News of the breach spread early Monday, but it was unclear how the credentials were originally obtained.

“An anonymous user posted details of the accounts on [Monday] at pastebin.com, a site commonly used by developers to share code snippets,” Tom Warren, a blogger at Neowin, a technology news website, wrote in a report Monday. “The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists.”

Microsoft recommended that users change Windows Live passwords, and that administrators make sure to approve and authenticate only known users, while also keeping anti-virus software up to date.

Microsoft directed concerned users to this page to obtain more information on remediation. The page, however, includes a notice that reads: “Windows Live Hotmail is currently experiencing login issues. Some customers may receive errors when attempting to login to their Live Hotmail account.”