October 6, 2009

IT security and data protection firm Sophos has warned users of Microsoft‘s online services such as Hotmail to change their passwords immediately.  The warnings come after it was revealed yesterday that 10,000 usernames and passwords were publicly disclosed from users of hotmail.com, msn.com, and live.com e-mail services. All of the accounts initially posted begin with the letter A or B, suggesting that this may be the tip of the iceberg.

The precise cause of the leak is still unclear and Microsoft has said it is actively investigating the situation.  Speculation abounds that the data has been collected via a phishing scam in which fake websites are used to trick people into revealing personal details.

SophosLabs revealed last month that at least one third of users who change their passwords every 90 days would have been protected from public disclosures like this.

Sophos also advises IT administrators to take the opportunity to remind their users to change Microsoft Live!, MSN, and Hotmail passwords as well as making sure their anti-spam protection is current.  Now is a perfect time to educate users about phishing and clicking links in email.

Chester Wisniewski, senior security advisor, Sophos said, “My recommendation for users of Microsoft’s online services is to change your passwords immediately. You are better to be safe than sorry, and password rotation is something we are often too lazy to do. This is a great time to log into those Facebook, Twitter, Gmail, and Yahoo! accounts and do likewise as a simple best practice to prevent yourself from becoming a victim of habit.”