Hotmail, Google accounts breached
Using fake websites, hackers conned people into revealing data such as bank account details or login names and passwords.
The breach was thought to target just Hotmail users, but yesterday a second list of 20,000 names emerged containing email addresses and passwords from Hotmail, Yahoo, AOL, Gmail and other service providers.
First evidence of the scam was brought to light when 10,000 Hotmail addresses were posted online at Pastebin. The list was reported by technology blog Neowin.
Yesterday, Andrew Harbison, cyber-security expert with Grant Thornton in Dublin, said he believed only “a small fraction” of the compromised data has been published by the hackers.
“I believe this is simply displaying the merchandise,” he said.
“On top of the theft of people’s passwords, my concern is that the bad-guys might move to create a ‘suckers list’ – a list of users sufficiently credulous to disclose personal details in a phishing scam. These users might easily be targeted in other scams.
“It is also possible that a criminal might use information accumulated from the victim’s accounts to carry out ‘spear phishing’ attacks – highly tailored phishing mails specifically targeted at individuals based on detailed knowledge of their personal affairs,” Mr Harbison said.
A Google spokesperson said: “As soon as we learned of the attack, we forced password resets on the affected accounts. We will continue to force password resets on additional accounts when we become aware of them.”
Google stressed the scam was “not a breach of Gmail security” but rather “a scam to get users to give away their personal information to hackers”.



