first_imgTags:#AOL#Google#news#NYT#web#Yahoo A Web Developer’s New Best Friend is the AI Wai… 8 Best WordPress Hosting Solutions on the Market Why Tech Companies Need Simpler Terms of Servic… sarah perezcenter_img Top Reasons to Go With Managed WordPress Hosting Yesterday’s phishing attack in which several thousand Hotmail username and password combinations were leaked to the web now appears to be just the beginning of a massive phishing attack affecting users of multiple webmail services including Gmail, Yahoo, AOL, Comcast, and Earthlink. The original list was posted anonymously on, a site generally used by developers sharing code snippets. Again, that site recently saw the addition 20,000 more login details from other webmail service providers, indicating what may the largest scale phishing attack to date.The Hotmail Attack In yesterday’s attack, the list of comprised Hotmail accounts were limited to those where the usernames started with the letter “A” or “B.” However, that seemed to imply that the posted portion might actually be a part of a bigger list containing even more login/password combinations. At the time, a Microsoft spokesperson said that the company determined “this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.” Instead, claimed the spokesperson, those users whose credentials were revealed were likely to be victims of an online phishing attack where a third-party website was involved.Phishing attacks are typically carried out via email messages where the attacker tricks the recipient into revealing their username and password by pretending to be some sort of trustworthy entity such as the user’s bank, IT administrator, a popular website, or an online service. In the case of the stolen Hotmail passwords, it’s possible that the attacker sent emails which claimed to be from the end user’s email provider. If the user then followed the link contained within the malicious email, they would have ended up not on the actual email provider’s site, but on a third-party site whose sole purpose was to capture their username and password when entered.Beyond Hotmail: More Webmail Providers Affected According to a story in today’s BBC News, the most recent list of compromised accounts, which includes login credentials for Gmail, Yahoo, AOL, Earthlink, and Comcast users, contains some accounts that appear to be old, unused, or fake. However, many others listed are, in fact, genuine. There’s no way to be sure at this point that the new list is a part of the same phishing attack as yesterday’s or if it’s a new and separate scam. The website where the accounts were posted – – is now “down for maintenance.” Visitors to the site today will receive a message that is getting an unprecedented amount of traffic due to a news story in which some leaked Hotmail passwords have been pasted on this was intended as a tool to aid software developers, not for distributing this sort of material. Filters have been put in place to prevent reoccurrence, but the current traffic level is is just a fun side project for me, and today it’s not fun. It will remain offline all day while I make some further modificationsPaul DixonRegardless of whether or not you think your account was compromised, today would be a good day to change the password on whichever webmail service you currently use. Better safe than sorry! Related Posts last_img read more