Not so fast with the Hotmail jokes- additional 20K addresses compromised on GMail, AOL, Earthlink

Yesterday, when it was revealed that tens of thousands of Hotmail addresses and passwords were posted on a code-sharing site, everyone had a bit of a go at the remaining Hotmail users who haven’t abandoned the service for a cooler GMail account.

But a second posting followed, with a list of Hotmail, Yahoo, AOL, Gmail, Comcast and Earthlink addresses. Collected as part of a phishing scam, the BBC reports that while some of the addresses are old, expired or invalid, several are confirmed as genuine. The lists are still accessible.

The BBC also reports that an estimated 40% of internet users have a life password, an inadvisable practice that simplifies logging in but leaves accounts much more open to hacking. Carol Theriault, of security firm Saphos, indicated that scams such as the one used to gather the e-mail addresses are growing increasingly slick and more difficult to detect:

“Phishing attacks are very subtle these days,” she said. “People do all kinds of tricky things.”

Fake websites, which ask for a users login details, can be made to look like those of reputable companies.

“This should be a wake-up call to Google and Microsoft to educate their users,” said Ms Theriault.