Hello, All.

While this doesn't involve BBSing, it does show the power of stupid people
on the Internet:

Password Scam Widens To Google, Yahoo

The scale of the phishing attack on Hotmail could stretch further than
first thought, with accounts on Google and Yahoo now threatened.

Microsoft confirmed on Monday that the popular email site had been the
target of a scam which tricked users into revealing their passwords. This
led to around 10,000 passwords being posted online.

The computer company said their servers were not responsible for the
security breach and that individuals had been conned into handing over
their details. But it has been reported that more lists have also been
circulated with genuine account information relating to email on Google,
Yahoo, Comcast and Earthlink, as well as other third-party web mail
services.

Neil O'Neil, an ethical hacker and digital forensics investigator at secure
payments specialist The Logic Group, said up to a million passwords could
have been accessed.

"Making the breach public so soon after the attack occurred has
allowed unethical hackers to access the passwords very easily, even though
they were deleted a couple of days ago at the request of Microsoft,"
he explained.

"People tend to have the same password across many accounts - so there
is a good chance that individuals have also compromised the integrity of
their ebay or paypal accounts too.

"The list went through A and B, so you would think whoever released
these has more. And if you do the maths, they could have more than a
million passwords."

Hackers and cybercriminals attempt to trick people into handing over
personal details, including email addresses and passwords. Internet users
may be directed to false websites, set up to mirror legitimate websites,
that feed information back to the criminals.

News of the scam broke when technology blog neowin.net reported an
anonymous user had published confidential details on pastebin.com. Internet
users are urged to change their passwords regularly and ensure anti-virus
software is up to date to protect themselves from fraudsters.

A Microsoft spokesman said: "We are aware that some Windows Live
Hotmail customers' credentials were acquired illegally by a phishing scheme
and exposed on a website."

They added that they requested the details be removed from the internet and
they launched an immediate investigation. The company are also taking
measures to block the accounts which were hit.

A spokesman for Google said they were aware that some gmail accounts had
been part of the phishing scam and said - while their servers were not
responsible - they had taken steps to ensure security.

And a spokesman for Yahoo said they take great effort to protect their
users' security and that they urge consumers to take measures to secure
their accounts whenever possible, including changing their passwords.

Later,
Sean

//sean{at}nsbbs.info | http://nsbbs.info | ICQ: 19965647

... A friend is ... a second self. - Cicero
--- GoldED/2 3.0.1