10,000 phished passwords from @hotmail.com, @msn.com and @live.com accounts posted on internet

More than 10,000 @hotmail.com, @msn.com and @live.com account passwords have been reportedly posted on a site developers use to share code.

Microsoft has not yet confirmed the breach, allegedly occurring October 1st on on pastebin.com. Tech blog Neowin.net reports seeing the data and verifying the information as genuine:

The details have since been removed but Neowin has seen part of the list posted and can confirm the accounts are genuine and most appear to be based in Europe. The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists. Currently it appears only accounts used to access Microsoft’s Windows Live Hotmail have been posted, this includes @hotmail.com, @msn.com and @live.com accounts.

Microsoft has admitted that they are aware of the alleged breach, and are investigating the reports. A spokesman for Microsoft said:

“Microsoft has been made aware of the claims that Windows Live IDs and passwords have been made available on the web.

“We’re actively investigating the situation and will take appropriate steps as rapidly as possible.

“Microsoft is committed to protecting the privacy of our customers and believe they deserve to have their personal data used only in ways they have agreed to, and in ways that provide value to them.”

If you currently use one of the affected services, it is recommended that you change your password and security question immediately.