Subsequent reports have revealed that as many as 20,000 accounts have been compromised across numerous email providers, including Yahoo, AOL, Comcast, Earthlink and others, and that . These reports noted that the affected companies believed that the breaches occurred because of phishing attacks (although one researcher, Mary Landesman, who works for ScanSafe, has said that “it’s more likely that the massive lists . . . were harvested by botnets that infected PCs with keylogging or data stealing Trojan horses.”
As more details emerge, it seems that more questions remain to be answered. Exactly how many passwords have been compromised, and from how many companies? Was the breach due to a single massive phishing attack, multiple smaller fishing attacks, or some type of malware? Why were lists of affected users posted online? Whatever the answers, it might be a good idea to take a few minutes to change your email passwords from a computer that has been swept for viruses and malware.
- Keizer, Gregg, “Hacker Leaks Thousands of Hotmail passwords say site,” Computerworld, October 5, 2006.
- Keizer, Gregg, “Gmail, Yahoo join Hotmail; passwords exposed,” Computerworld, October 6, 2009.
- Keizer, Gregg, “Researcher refutes Microsoft’s account of hijacked Hotmail passwords,” Computerworld, October 7, 2009.
- Richmond, Riva, “More E-Mail Account Details Leaked Online,” New York Times, October 6, 2009.