Thousands of Hotmail usernames and passwords were posted on pastebin.com, Microsoft has confirmed. The post by an anonymous user has since been taken down.
Microsoft said its internal data for Windows Live Hotmail was not breached and the user credentials were likely obtained through a phishing scheme. According to Neowin.net, the list of usernames and passwords appeared to be mostly based in Europe and included hotmail.com, msn.com and live.com accounts.
"Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers' credentials were exposed on a third-party site due to a likely phishing scheme," a Microsoft spokesperson said. "Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."
Microsoft recommended that users update antivirus software and renew LIVE ID passwords every 90 days.