Microsoft acknowledges Windows Live ID breach

Share this article:

The credentials of thousands of Microsoft Windows Live ID accounts were posted online late last week, company officials said Monday.

The company confirmed Monday in a blog post that several thousand Windows Live customers had their usernames and passwords exposed on a third-party site over the weekend.

"Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers," the post said. "As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."

Windows Live IDs let users gain entry into Hotmail, Messenger, Xbox LIVE, according to Microsoft. The usernames and passwords that were leaked may also be used for other Microsoft services, including the company's web-based Office program and the Skydrive online storage service.

News of the breach spread early Monday, but it was unclear how the credentials were originally obtained.

“An anonymous user posted details of the accounts on [Monday] at pastebin.com, a site commonly used by developers to share code snippets,” Tom Warren, a blogger at Neowin, a technology news website, wrote in a report Monday. “The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists.”

Microsoft recommended that users change Windows Live passwords, and that administrators make sure to approve and authenticate only known users, while also keeping anti-virus software up to date.

Microsoft directed concerned users to this page to obtain more information on remediation. The page, however, includes a notice that reads: “Windows Live Hotmail is currently experiencing login issues. Some customers may receive errors when attempting to login to their Live Hotmail account.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

President signs Executive Order to improve payment security

President signs Executive Order to improve payment security

President Obama signed an Executive Order at the Consumer Financial Protection Bureau calling for enhanced security measures, including microchips and PINs.

Security, tech firm coalition fights Hikit actors, other advanced groups

Security, tech firm coalition fights Hikit actors, other ...

The coalition began as an effort to stop the spread of the Hikit trojan, previously known for targeting U.S. defense contractors.

Phishing email delivers keylogger malware, also takes screenshots

Phishing email delivers keylogger malware, also takes screenshots

The malware has various features, including the ability to start persistently, take screenshots and bypass user access controls.