A massive phishing operation is being blamed for the theft of thousands of login credentials on Microsoft's Hotmail service.
The company said that over the weekend reports emerged of a mass password theft. After investigating the reports, Microsoft said that it had traced the thefts back to a phishing page which gathered user data and that no internal systems had Microsoft had been compromised.
Microsoft news site Neowin.net reported early Monday that user names and passwords for more than 10,000 accounts had been posted on code-sharing service pastebin. The site reported that the majority of the compromised accounts were believed to be from Europe.
Microsoft is advising users whose credentials may have been compromised to immediately change their passwords. Users are also encouraged to change their password recovery questions and update their alternate email addresses.
Both Microsoft and third party security groups have long suggested that users make efforts to avoid phishing attacks by carefully checking the URL and content of pages which ask for log-in information and avoiding providing any information to untrusted parties or suspicious pages.
Though some reports have indicated that phishing activity is down slightly in recent months, experts predict that activity will climb as the holiday season draws nearer.
