Passwords of Thousands of Hotmail Accounts Leaked Online!

Windows Live Hotmail LogoMicrosoft had a bad weekend as around 20,000 hotmail accounts were hacked and their passwords were posted on October 1 by an anonymous user on pastebin, a website used by programmers to share code snippets. The page was removed soon after (even the cached page by Google).

How were the accounts hacked?

The most probable reason for the accounts getting hacked is phishing. Wikipedia defines phishing as:

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as user-names, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

I feel my account is hacked, what should I do?

  • You can fill the reset password form and request for a new password.
  • If you feel that you account was on the list posted on pastebin, you can fill out this form to reclaim access to your account.

You should also take the following safety precautions so that you account doesn’t get hacked in the future:

  • Reset you account’s password every 60-90 days.
  • As phishing sites can also pose additional threats, please install and keep anti-virus software up to date.

Related: 5 Simple Rules To Fight Against Phishing | Can you spot “Phishing” attack? Simple test to check your safety!

(Source: Windows Live Blog & Neowin)


[Editor’s Note: This post is submitted by our guest blogger Gautam. He works for OrkutPlus.

If you, too would like to write for Devils Workshop, please check this. Details about our revenue sharing programs are here.]

21 Comments

Akshay Kakkar October 7, 2009

If you want to check if your id is in that list or not, just have a google search of ur full id ie “[email protected]” . this will give you the results.

nicky October 7, 2009

how they are saying that it is phishing ?

they said that

“The list details over 10,000 accounts starting from A through to B”

which is impossible using phishing attack..

Aditya Kane October 7, 2009

@nicky: that really is a good point you have raised. Couple of points. But I think the list of accounts have been arranged in alphabetical order rather than being taken from hotmail in alphabetical order. Why? Because I am sure there many many more than just 10000 accounts starting with ‘A’

nicky October 7, 2009

then how it is posible that only accounts from start from A and B are there not all.

maybe their database is attacked but database have encrypted passwor nad no one can decrypt thousands of password in very short period..

tejas October 8, 2009

Nicky no one uses phishing dis dayz…….dey r old methods dude.

Gautam October 8, 2009

@Akshay
Thanks for the tip

@Nicky
Well, even I think that so many accounts cannot be attacked with phishing, but that news was based on the one posted on windows live blog and neowin.

And, are you Niktrix’s nik?

@Tejas
Thanks for the links & info

nicky October 8, 2009

@tejas yhanks for yourinfo .. iwant to know more what is your email address ?

nicky October 8, 2009

@gautam how do u find about niktrix ?

Gautam October 8, 2009

@Nicky
If you are that nik, then you might remember me from this pic – http://i38.tinypic.com/29ct91d.jpg

Albert October 9, 2009

Oh my god… Ok ok… What about Gmail and Yahoo accounts… ? Is that accounts user name and passwords posted in anywhere in the World Wide Web…?

tejas October 9, 2009

lolz……dude i can get u tons of passwords .i even hav the ones not posted.plus passwords in database are encrypted using salted md5 hash and trust me they r very easy to decrpt.ive decrypted tons of database passwords already….if u wannab learn gdata.

nicky October 11, 2009

@Aditya now explain us bot network,…

tejas October 11, 2009

lolz……Aditya i can bet botnets cannot do it.ill recruit u if u can make it happen and yes ur salted md5 hash is easily decrypted using maddox v 1.4.plz take the pains of downloading it and decryptin it urself dude.and yes im so congfident coz the person who hacked dem was trained under me.his alias is A.D.E.D and if u want more info den email me.

amit October 12, 2009

@Tejas.
Wow! you are you one of those script kiddies who just know how to use all the tools over the internet ? First of all your comments are a pain to read,i would appreciate if we stick to english, i am sort of slow on “jibberish”.

In all of your comments, you are whining about some nonsense without ever giving the POC(btw it stands for proof of concept, in case you don’t know). I am not interested in the tools, just cut to the core part. Give us the Proof.

Aditya October 12, 2009

Amazed at the “knowledge” of some people!
– First of all the Hash I provided isn’t even salted(if you know what that means).Its plain 128-bit MD5 Hash.Still give me the original word, I will be happy.
– Dude you should ask the coder of that application to apply for a Nobel Prize, if he really can “decrypt” MD5.. (OMFG) People are fool trying to create mapping database (eg Gdata)
– I second Amitabh, I have no time discussing things with script kiddies. I can realize the person “trained” by you will be a L33T.. 😀

Aditya October 12, 2009

I will just add that rainbow tables is the only way you can work with MD5. Waiting for your comments Rahul 🙂

tejas October 12, 2009

lolz……

amrita January 26, 2010

hey ..well my account has goten compromised although ive managed to get the md5 hash for it could anyone temme how to decrypt it..the md5 string is 5860a6621a673b6c6db8e6e795189c23 and the hash is 080a2bd45cf7d169f8af0a08ea4be310..how do i decrypt it now? can anyone help please…

Gautam March 19, 2010

You can’t decrypt a MD5 hash.

shail December 28, 2011

how to find md5 hash of email address..like eg. [email protected]….i dnt want md5 hash of the above line..actually i want md5 hash of that email’s password…….can someone help me?….Iknow converting md5 hash to password….