It started with a report yesterday at Neowin.net stating that it had "received information regarding a possible Windows Live Hotmail 'hack' or phishing scheme where password details of thousands of Hotmail accounts have been posted online."

According to Neowin.net, which has as its slogan "Where unprofessional journalism looks better," it had seen thousands of account names and passwords, originally posted on 1 October, residing on pastebin.com.

Pastebin.com is, its website says, a collaborative debugging tool allowing users to share and modify code snippets while chatting on IRC, IM or a message board.

Microsoft, which claims 400 million registered Hotmail users, soon confirmed Neowin.net's story and said that a successful but undisclosed phishing attack apparently had induced thousands of Hotmail members to give up their account and password details. All told, according to this story at the BBC, some 10,028 accounts were compromised, beginning with the letters A and B and with email addresses ending in hotmail.com, msn.com and live.com. The compromised accounts, it reported, were predominantly European in origin.

Then this morning, the BBC said that it had seen two lists containing some 30,000 names and passwords involving not only Microsoft Hotmail account information, but also that from AOL, Google, and Yahoo.

Google told the BBC that Gmail had been hit by an "industry-wide" phishing scheme, but that only 500 of its accounts had been affected. However, the BBC report also said that Google had discovered yet another list but would not say how many names were on it.

In all cases, Microsoft, Yahoo, Google, etc. have taken steps to help account owners who got phished. Microsoft, for instance, said that it was blocking access to compromised Hotmail accounts and will help users recover their accounts after they prove that they are in fact the owners. Google said basically the same thing.

What isn't clear is whether all the victims were from one phish attack or several, and over what time frame the attack or attacks took place.

One thing that has emerged from this event is that many of the Hotmail users who got phished used very simple passwords. A story in PC World said that a security researcher found that "just 6 percent of the Hotmail [phished] passwords contained a mix of letters, numbers and other characters. More than 60 percent were either lower case letters only, or numbers."

The top five passwords were, says PC World: 1. 123456; 2. 123456789; 3. alejandra; 4. 111111; and 5. alberto.

Based on the predominance of Latin names used as passwords, the researcher believes it was a phishing kit targeting Hispanics and Latinos.

In related phishing news, the San Jose Mercury News reported today that the FBI is investigating an automated phone-call phishing scam that has been targeting banks across the US, including Liberty Bank, Bank of America, Wells Fargo, Citibank and some credit unions.

The phishing calls, the Mercury News reports, say, "Your card has been suspended because we believe it was accessed by a third party. Please press 1 now to be transferred to our security department."

If you press 1, you are then asked to enter your credit/debit card number and personal identification number.

And if you do, you are gaffed as well as gafted.

BTW, I blogged about a study on why people fall for phishing schemes earlier this year that you can read about here.
