Major Webmail Systems Targeted By Phishing- Source PCMAG

During the last week the credentials for several thousand Microsoft Hotmail accounts were posted online. Microsoft has confirmed the list was authentic, worked to get it taken down and deactivated the accounts. If your account was affected you can fill out this form to reclaim account access.

Earlier this week Google annouced that GMail had been similarly targeted and that they had seen a list with more than 30,000 names and passwords.

Microsoft says that the Hotmail accounts appear to have been compromised through “a likely phishing scheme,” not through any problem in Hotmail. Google’s response was similar: “We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including GMail accounts…As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.“

Brian Krebs of the Washington Post has some good general guidelines on password selection in his report on this attack.