Microsoft acknowledges Windows Live ID breach

Share this article:

The credentials of thousands of Microsoft Windows Live ID accounts were posted online late last week, company officials said Monday.

The company confirmed Monday in a blog post that several thousand Windows Live customers had their usernames and passwords exposed on a third-party site over the weekend.

"Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers," the post said. "As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."

Windows Live IDs let users gain entry into Hotmail, Messenger, Xbox LIVE, according to Microsoft. The usernames and passwords that were leaked may also be used for other Microsoft services, including the company's web-based Office program and the Skydrive online storage service.

News of the breach spread early Monday, but it was unclear how the credentials were originally obtained.

“An anonymous user posted details of the accounts on [Monday] at pastebin.com, a site commonly used by developers to share code snippets,” Tom Warren, a blogger at Neowin, a technology news website, wrote in a report Monday. “The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists.”

Microsoft recommended that users change Windows Live passwords, and that administrators make sure to approve and authenticate only known users, while also keeping anti-virus software up to date.

Microsoft directed concerned users to this page to obtain more information on remediation. The page, however, includes a notice that reads: “Windows Live Hotmail is currently experiencing login issues. Some customers may receive errors when attempting to login to their Live Hotmail account.”

Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.