Reddit User Discovers Hotmail Phishing Scam

govinfosecurity

When a user of the social news sharing platform Reddit decided to investigate whether a phishing message he’d received had actually worked, he discovered it had. A little bit of sleuthing revealed more than 47,000 stolen identities from Hotmail.com and MSN.com, all available for anyone to see.

The user, who goes by the nickname “Roddds,” discovered the stolen information after investigating a phishing message that he received personally.

“Earlier today, I received one of those run-of-the-mill phishing emails,” Roddds explained in a Reddit post. “I opened the URL that the email wanted me to open, but leaving out the .php file in the end.”

The user followed the link to a server that hosted a text file containing 47,130 paired email addresses and passwords for Hotmail and MSN. The user wrote a script to see whether the accounts were any good. Two hours later, it had found that 85 percent of the information was correct.

Roddds notified Microsoft, owner of MSN and Hotmail, about the security breach. As a result, the server hosting the file was taken down.

Once Microsoft was notified of the security breach, the company immediately flagged all affected accounts as exposed, and then contacted all account owners to restore them to secure service.
