Phishing Attack Exposes Usernames & Password of Yahoo, Gmail & Others

Security experts have discovered a list of almost 20,000 names and passwords posted online. The list carries e-mail addresses and passwords of accounts created at Hotmail, AOL, Gmail, Yahoo and other service providers.

The list has published on the same website on which a similar list of 10,000 Hotmail login details was published recently. Some of the accounts seem to be forged and old. However, BBC news has confirmed that many of them - which include Hotmail and Gmail addresses - are authentic. Other addresses are Earthlink and Comcast accounts.

Security experts have claimed that this will account for the biggest and most comprehensive phishing attack the world has ever witnessed. Moreover, a new batch of e-mail addresses was posted on the same site on October 5, 2009 (20,000 + Hotmail accounts).

A large number of Hotmail usernames and passwords were revealed to the public on the weekend through a phishing assault. It is still not clear whether the list was part of the same phishing attack that gathered the Hotmail addresses or a separate scam.

Security experts stated - in a phishing attack, users are deceived into revealing their private details, usually account usernames and passwords, and sometimes monetary (financial) details. In the case of Hotmail, users might have used the mail program to interact with their banks or other institutions, and save their personal details.

In addition, the experts suggest users to change both their passwords and security questions. It has been found that around 40% of users worldwide use the similar combination of username/password to login other sites, including Ebay, Paypal and Amazon.

The time has come when it can be said to these websites that they should adopt a safer login system that enable users to keep their usernames and passwords safely.

Finally, Microsoft stated - customers should implement severe vigilance when opening uninvited attachments or links from both familiar and unfamiliar sources. The software giant has suggested that they should download updated antivirus solution on their systems, as per the news by CONNECTED INTERNET on October 6, 2009.

Related article: Phishing With A Redirector Code

» SPAMfighter News - 10/22/2009