Microsoft acknowledges Windows Live ID breach

Share this article:

The credentials of thousands of Microsoft Windows Live ID accounts were posted online late last week, company officials said Monday.

The company confirmed Monday in a blog post that several thousand Windows Live customers had their usernames and passwords exposed on a third-party site over the weekend.

"Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers," the post said. "As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."

Windows Live IDs let users gain entry into Hotmail, Messenger, Xbox LIVE, according to Microsoft. The usernames and passwords that were leaked may also be used for other Microsoft services, including the company's web-based Office program and the Skydrive online storage service.

News of the breach spread early Monday, but it was unclear how the credentials were originally obtained.

“An anonymous user posted details of the accounts on [Monday] at, a site commonly used by developers to share code snippets,” Tom Warren, a blogger at Neowin, a technology news website, wrote in a report Monday. “The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists.”

Microsoft recommended that users change Windows Live passwords, and that administrators make sure to approve and authenticate only known users, while also keeping anti-virus software up to date.

Microsoft directed concerned users to this page to obtain more information on remediation. The page, however, includes a notice that reads: “Windows Live Hotmail is currently experiencing login issues. Some customers may receive errors when attempting to login to their Live Hotmail account.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.