Scheme Targets Web-Based Mail

by Erin on October 7th, 2009 in Security Alert, Security Tips.

You may have seen the news that broke this week on a phishing scheme that has allowed scammers to harvest credentials from Hotmail accounts, leaking a list of thousands of log-in details online. Now it seems the scope is more widespread, and is involving users of other web-based mail accounts.

The BBC has reported seeing “a list of more than 20,000 more names and passwords that have been posted online. The list contains e-mail addresses and passwords from Hotmail, Yahoo, AOL, Gmail…other addresses include Comcast and Earthlink accounts.” Full details are available in the BBC News report.

One of the ultimate worries here: once your e-mail account is compromised, hackers can potentially use it to gain credentials for your other sensitive accounts, by using the ‘forgot your password’ function that sites use to send out lost passwords to their customers.

If you follow our security tips and news here at Lavasoft, you know that, to stay secure, you should update your passwords on a regular basis. But, if you have one of the e-mail accounts mentioned above, it may be an especially good time to change your password. Just make sure you make it a good one! According to reports, an analysis of the leaked results have shown how weak our passwords are; for example, the most commonly used password was found to be “123456”. If that sounds a little too familiar, get some help by reading our password-creating tips in the Lavasoft Security Center.


Thanks for sharing such vital

User offline. Last seen 4 years 51 weeks ago.alexaasimon
Joined: 2009-10-08
Posts: 0

Thanks for sharing such vital information. It will help us out for securing ourself online.


I have just contributed to the MyLavasoft community.

I am not sure whether my

User offline. Last seen 4 years 48 weeks ago.vinayparanjape
Joined: 2009-10-24
Posts: 0

I am not sure whether my details have been hacked. But, since I installed version 8.1, I am unable to open/save any attachment received on hotmail. Whenever I click an attachment, the software asks permission to open some vaguely named file or login.srf file. Please help.


I have just contributed to the MyLavasoft community.