Today, a security researcher said that recently leaked Hotmail passwords may already have been used in a plot involving fake Chinese electronics and cheating users out of cash and credit card information. The suspect messages claim to be for an electronics retailer in China, and provide a link to its site which appears to be legitimate but is simply a front. Consumers caught up in the scam have reported that they never received the goods they ordered.
The link to these Hotmail passwords is circumstantial, but still credible. The researcher speculated that the scammers had simply taken advantage of the apparent work of other criminals, swiping the account information from the Web and using those compromised accounts to send spam.
Microsoft and Google say they have blocked the specific accounts, and both companies were eager to point out that they were only obtained through a wide-scale phishing attack, and in no way through a security breach in their free e-mail services.
Experts have urged users to change their email account passwords, but other researchers have reported that many of the compromised accounts were hidden behind easily guessable passwords, ‘123456’ and ‘123456789’ being the most common among these. Courtesy of computerworld.com