Massive Phishing Campaign Hits Multiple Email Services 183
nandemoari writes "It seems as if the massive phishing campaign reported yesterday was not specific to Hotmail, as was initially believed. According to a report by the BBC, many Gmail and Yahoo Mail accounts have also been compromised. Earthlink, Comcast, and AOL were also affected. While the source of the latest attacks has not been determined, many are pointing to the same bug that claimed at least 10,000 passwords from Microsoft Windows Live Hotmail. Microsoft has done their part in blocking all known hijacked Hotmail accounts and created tools to help users who had lost control of their email. An analysis of the data from Hotmail showed the most common password among the compromised accounts to be '12345.' On their end, Google responded to the attacks by forcing password resets on the affected accounts."
Wow! (Score:5, Funny)
An analysis of the data from Hotmail showed the most common password among the compromised accounts to be '12345.'
That's amazing. I've got the same combination on my luggage.
HA! My password is 123456 (Score:5, Funny)
With an extra digit for security! ;-)
12345? (Score:2, Funny)
Strong password (Score:3, Funny)
I have a real programmer's password (Score:5, Funny)
012345
I don't know.... (Score:4, Funny)
Re:12345? (Score:2, Funny)
Remind me (Score:5, Funny)
"Remind me to change the password on my luggage!"
Re:Where are the details? (Score:4, Funny)
> ...how do I know if I've been affected?
Are you a fool? If not you are ok.
Re:Wow! (Score:2, Funny)
Saved by 123456!
Take that haxor!
Re:Ban them. (Score:4, Funny)
People with "12345" or similar passwords should get their own internet, where they would be allowed to share lolcatz and powerpoint chains, play with their purple internet buddy, and zap those cute webmonkeys on banners without hurting themselves. Alternatively, maybe the webmail providers should set more strict rules for the passwords.
Hey I play with my purple internet buddy each time I go on the computer and have never hurt myself or anyone else!
Re:Ban them. (Score:5, Funny)
People with "12345" or similar passwords should get their own internet, where they would be allowed to share lolcatz and powerpoint chains, play with their purple internet buddy, and zap those cute webmonkeys on banners without hurting themselves.
Didn't they use to call that "AOL"?
Re:Where are the details? (Score:5, Funny)
Re:HA! My password is 123456 (Score:5, Funny)
Re:Preaching to the church (Score:2, Funny)
Real grammar nazis also know that it wasn't a sentence.
I love you. Will you marry an anonymous coward?
Re:Preaching to the church (Score:3, Funny)
Doesn't look like it [slashdot.org]. Sorry.
Re:I have a real programmer's password (Score:3, Funny)
012345
That's why Microsoft thought "12345" was a reasonably secure password - they figured most hacking and phishing attacks would be coming from Linux or BSD boxes, so those people would never think of starting to count with a "1".
Re:Wow! (Score:3, Funny)
31415 (Score:5, Funny)
Affected users have been placed on an isolated network where they can't do anything but post whinges about Microsoft and Apple to a web server that runs SSL using a self-signed certificate and actually follows the RFCs.
Re:What I don't get... (Score:3, Funny)
> The fact that it's a free email account shouldn't mean you're allowed to set
> your password to *anything* you want.
And one of the things you should not be able to set it to is anything anyone else has already used. In other words, on these systems passwords should be unique.