Microsoft Hotmail hit by massive phishing attack as details of thousands of users are stolen

Hotmail users have been urged to change their password after the web-based email service was hit by a phishing attack.

BBC News reported that it had seen a list of more than 10,000 email accounts, predominantly originating from Europe, and passwords that were posted online.

Microsoft confirmed that the accounts are genuine and predominantly originate in Europe, and that it was launching an investigation.

Steve Watts, co-founder of SecurEnvoy, said: “The phishing attack on Hotmail was predicted over a decade ago, and yet the warnings were ignored. The infiltration of thousands of web-based email accounts was in many ways inevitable. It just shows how vulnerable web-based apps - tools many of us rely on every day - can be.

“Could this be the beginning of the end for our traditional view of web-based email? Maybe. Email accounts can hold extremely sensitive information, and yet many people choose to protect them with a single password. And if that password is shared or phished, there's no protection at all. The age of the password is over.”

However Randy Abrams, director of technical education at ESET, advised not using free webmail for anything that is secure, as although the account is not likely to lead to identity theft, attackers can use the account to spam your contacts.

Michael Lynch, ID theft expert from life assistance company CPP, said: “It's very concerning that a popular service like Hotmail could be easily targeted by cyberfraudsters. And the fact that thousands have responded to this particular phishing attack shows that people are not getting the message when it comes to online security.

“We urge all consumers to change their passwords frequently and remain vigilant about phishing and other online scams. Our research shows that millions use the same password every time they go online, so if you have fallen victim to this scam, the fraudster will have the keys to your entire online life. If you are concerned that your details have been compromised, you need to get in touch with your bank immediately.”

Sign up to our newsletters