Earlier this week the logins and passwords of 10,000 mostly European hotmail users were posted online. Soon after, reports did the rounds that folks using AOL, Yahoo! Mail, Gmail and services from other providers were also affected and a Gmail spokesperson admitted that the company was also targeted in what the search giant described as an industry-wide phishing scam. Today experts speaking to the BBC say it that the attack is ongoing and may not have been a phishing attack at all.
BBC cites security firm Websense, which says it has noticed a sharp rise in spam e-mails from Yahoo, Gmail and Hotmail accounts, as well as Amichai Shulman from security firm Imperva who says the high numbers of victims suggest that it could have been a key-logging attack.
Why does Shulman think attackers were using key-logging software? Well, despite Microsoft urging all 21 million Hotmail users to change their passwords, some users are still experiencing problems. BBC reader Peter Griffin says that he's still experiencing problems with his compromised Hotmail account even though he's changed the password.
"I checked my account yesterday and found more than 10 e-mails with links [that] were sent from my Hotmail [account] to people from my contacts," Griffin said. After changing his password, he "found an hour later they had sent another six e-mails".
Have you changed your passwords yet?