Reddit User Discovers Hotmail Phishing Scam

govinfosecurity

When a user of the social news sharing platform Reddit decided to investigate whether a phishing message he’d received had actually worked, he discovered it had. A little bit of sleuthing revealed more than 47,000 stolen identities from Hotmail.com and MSN.com, all available for anyone to see.

The user, who goes by the nickname “Roddds,” discovered the stolen information after investigating a phishing message that he had received personally.

“Earlier today, I received one of those run-of-the-mill phishing emails,” Roddds explained in a Reddit post. “I opened the URL that the email wanted me to open, but leaving out the .php file in the end.”

The user followed the link to a server that hosted a text file containing 47,130 paired email addresses and passwords for Hotmail and MSN. The user wrote a script to see whether the accounts were any good. Two hours later, 85 percent of the information had proved to be correct.

Roddds notified Microsoft, owner of MSN and Hotmail, about the security breach. As a result, the server hosting the file was taken down.

Once Microsoft was notified of the security breach, the company immediately flagged all affected accounts as exposed, and then contacted all account owners to restore them to secure service.
