When a user of the social news sharing platform Reddit decided to investigate if a phishing message he’d received had actually worked, he discovered it had. A little bit of sleuthing revealed more than 47,000 stolen identities from Hotmail.com and MSN.com, all available for anyone to see.
The user’s nickname “Roddds” discovered the stolen information after investigating a phishing message that he received personally.
“Earlier today, I received one of those run-of-the-mill phishing emails,” Roddds explained in a Reddit post. “I opened the URL that the email wanted me to open, but leaving out the .php file in the end.”
The user followed the link to a server that hosted a text file containing 47,130 joint emails and passwords for Hotmail and MSN. The user wrote a script to see whether the accounts were any good. Two hours later, it was discovered that 85 percent of the information proved to be correct.
Roddds notified Microsoft, owner of MSN and Hotmail, about the security break. Thus, the server hosting the file was taken down.
Once Microsoft was notified of the security breach, the company immediately indicated all affected accounts as exposed, and then contacted all account owners to return them to secure service.