Sign in with
Sign up | Sign in

Gmail, Yahoo, Others Also Hit in Hotmail Attack

By - Source: Tom's Hardware US | B 24 comments

Yesterday all 21 million Hotmail users were encouraged to change their passwords when the login details of 10,000 mostly European users were posted online. Today we learn that Microsoft's Hotmail was not the only email provider targeted in the attack.

The BBC today reports that it has received confirmation from Google that Gmail was also targeted in what the search giant described as an "industry-wide phishing scam."

"We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail accounts," a Google spokesperson told the Beeb. "As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them."

Google went on to say that the scam was not a breach of Gmail security but "a scam to get users to give away their personal information to hackers."

The news comes following a previous report in which the BBC claimed to have seen a list of 20,000 logins and passwords for Hotmail, Yahoo, AOL, Gmail and other accounts. This number has since crept up to 30,000.

I think I speak for everyone when I say, 'Ugh!' There's nothing more annoying than a phishing scam that forces you to change your passwords for everything 'just in case.'

Discuss
Ask a Category Expert

Create a new thread in the News comments forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 18 Hide
    El_Capitan , October 6, 2009 3:09 PM
    If anyone needs their e-mail password secured, just relay your e-mail, password, and security question and answer to me and I'll do it for free! Plus, I'll need your Social Security number to verify your identity.
  • 10 Hide
    El_Capitan , October 6, 2009 2:40 PM
    Fool me once, shame on — shame on you. Fool me — you can't get fooled again.
Other Comments
  • 10 Hide
    El_Capitan , October 6, 2009 2:40 PM
    Fool me once, shame on — shame on you. Fool me — you can't get fooled again.
  • Display all 24 comments.
  • 1 Hide
    ssalim , October 6, 2009 2:53 PM
    Luckily I switched to 10minutemail... lol j/k
  • 2 Hide
    hellwig , October 6, 2009 2:59 PM
    I only give my email password out to people who use the Hotmail logo in their emails. I'm pretty sure that makes them official, even though I use Yahoo mail. Hmm.....
  • 8 Hide
    JasonAkkerman , October 6, 2009 3:01 PM
    Never enter your password (or any important information) into a website that you arrived at via a link. Always go to important sites (email, bank, etc) by typing in the address, or a bookmark.

    It's that easy people.
  • 18 Hide
    El_Capitan , October 6, 2009 3:09 PM
    If anyone needs their e-mail password secured, just relay your e-mail, password, and security question and answer to me and I'll do it for free! Plus, I'll need your Social Security number to verify your identity.
  • 2 Hide
    Anonymous , October 6, 2009 3:11 PM
    @JasonAkkerman:

    Yeah, it'll be that easy until you get hit by a DNS hijacking attack. There are two kinds of people that get duped by phishing attacks: The arrogant, and the ignorant. Don't be either.
  • 8 Hide
    JasonAkkerman , October 6, 2009 3:28 PM
    kaseykrehbiel@JasonAkkerman:Yeah, it'll be that easy until you get hit by a DNS hijacking attack. There are two kinds of people that get duped by phishing attacks: The arrogant, and the ignorant. Don't be either.


    While you are correct that a DNS hijack could occur, I was simply referring to the context of the article. Regardless of the fact that DNS hijacking is a much less effective way of securing user information than phishing (it's also less prevalent) , but if somehow someone did manage to compromise your system and change your DNS settings you have much larger problems.

  • 2 Hide
    Anonymous , October 6, 2009 3:44 PM
    there are some sites that in order to reply to a topic,you need to login in your GMail or facebook account.
    I believe this also could be a serious breach in security,especially since many blogs are not related.
    Makes me not dare to reply on any but a trusted blog; or use a scam/crap/spam email, which they can have the password to,and access to the tens or hundreds of daily spam mails.
  • 0 Hide
    cabose369 , October 6, 2009 3:57 PM
    ahahah all you stupid Gmail fan boys who yesterday put "thats why gmail is better", blah, blah, blah... not so smart are you now. Besides... is a phishing scam. If you are stupid enough to put your login info on a phishing site you deserve to lose your data.
  • 0 Hide
    Envinyanta , October 6, 2009 4:20 PM
    Quote:
    I think I speak for everyone when I say, 'Ugh!' There's nothing more annoying than a phishing scam that forces you to change your passwords for everything 'just in case.'


    Just a little over-dramatic? I can think of a LOT more annoying things than my e-mail provider taking an extra step to keep my account secure. (like, oh, having all my personal information stolen, my credit ruined, etc. Not to mention everything else in the world) Given that most businesses require password changes for employees on a regular basis anyway (including all the ones I've worked at for the past 10 years), I'm pleased to see Google taking the extra step 'just in case' to help protect its users. If that's the extent of the inconvenience then we should be grateful.
  • 0 Hide
    Ciuy , October 6, 2009 4:41 PM
    so what
  • 0 Hide
    El_Capitan , October 6, 2009 4:47 PM
    I don't know about you guys, but I click on every link in my Spam box and fill out every form it links to. For some reason, my bank keeps withdrawing money from my checking account. Anyone have the same issues with their bank?
  • 2 Hide
    wildwell , October 6, 2009 5:01 PM
    I just want to be clear; this article warns potential victims of phishing scams. There was no breach of security by Google, Yahoo, etc. Right?
  • 1 Hide
    lenell86 , October 6, 2009 5:14 PM
    El_CapitanI don't know about you guys, but I click on every link in my Spam box and fill out every form it links to. For some reason, my bank keeps withdrawing money from my checking account. Anyone have the same issues with their bank?

    humor fail 0/10
  • -7 Hide
    El_Capitan , October 6, 2009 5:18 PM
    lenell86humor fail 0/10

    That's what I do.
  • 1 Hide
    rooket , October 6, 2009 5:28 PM
    cabose369ahahah all you stupid Gmail fan boys who yesterday put "thats why gmail is better", blah, blah, blah... not so smart are you now. Besides... is a phishing scam. If you are stupid enough to put your login info on a phishing site you deserve to lose your data.


    lol that's what I love about dumbasses "this is better than that" (mac is better than pc, pc is better than mac, coke is better than pepsi pepsi is better than coke etc...) when realistically most products are the same and everyone is suppose to be sheeped to one side or another. I've got gmail yahoo aol (blah stupid aol ;)  and hotmail. guess what, they all do the SAME THING lol. one isn't better than the other although well I don't know if you can search emails in yahoo I don't use it enough to know. but you can in hotmail and gmail. is anything passworded 100% secure? no. lol.

    but back on topic, I haven't changed my passwords.. I doubt I was affected but even if I was i really don't care. ppl can go in my email all they want there isn't much of any use inside my email accounts.
  • 6 Hide
    Hovaucf , October 6, 2009 5:37 PM
    I live in South Africa and they intercepted my pigeon mail then used a enigma machine to decode my p-mail :( 
  • 1 Hide
    the_krasno , October 6, 2009 6:30 PM
    Another reason to actually read where that hypertext link is going. People call me paranoid, but I'm not the one changing his password every week.
  • 2 Hide
    Anonymous , October 6, 2009 7:00 PM
    i knew it that it was not a hotmail exclusive scam... the list i came across contains all hotmail, gmail, yahoo, comcast, aol... the list goes on. btw for all the gmail fan boys i gotta report that the only working passwords i found belonged to gmail users.
  • 0 Hide
    JasonAkkerman , October 6, 2009 7:10 PM
    pwnedi knew it that it was not a hotmail exclusive scam... the list i came across contains all hotmail, gmail, yahoo, comcast, aol... the list goes on. btw for all the gmail fan boys i gotta report that the only working passwords i found belonged to gmail users.


    I would like to say that it's rare that you find people admitting to federal crimes online, but unfortunately it happens quite often. My favorite are the people that post videos of themselves committing crimes on YouTube and such.
Display more comments