Yesterday, when it was revealed that tens of thousands of Hotmail addresses and passwords were posted on a code-sharing site, everyone had a bit of a go at the remaining Hotmail users who haven’t abandoned the service for a cooler GMail account.

But a second posting followed, with a list of Hotmail, Yahoo, AOL, Gmail, Comcast and Earthlink addresses. Collected as part of a phishing scam, the BBC reports that while some of the addresses are old, expired or invalid, several are confirmed as genuine. The lists are still accessible.

The BBC also reports that an estimated 40% of internet users have a life password, an inadvisable practice that simplifies logging in but leaves accounts much more open to hacking. Carol Theriault, of security firm Saphos, indicated that scams such as the one used to gather the e-mail addresses are growing increasingly slick and more difficult to detect:

“Phishing attacks are very subtle these days,” she said. “People do all kinds of tricky things.”

Fake websites, which ask for a users login details, can be made to look like those of reputable companies.

“This should be a wake-up call to Google and Microsoft to educate their users,” said Ms Theriault.

Not so fast with the Hotmail jokes- additional 20K addresses compromised on GMail, AOL, Earthlink is a post from: The Inquisitr

More than 10,000 @hotmail.com, @msn.com and @live.com account passwords have been reportedly posted on a site developers use to share code.

Microsoft has not yet confirmed the breach, allegedly occurring October 1st on on pastebin.com. Tech blog Neowin.net reports seeing the data and verifying the information as genuine:

The details have since been removed but Neowin has seen part of the list posted and can confirm the accounts are genuine and most appear to be based in Europe. The list details over 10,000 accounts starting from A through to B, suggesting there could be additional lists. Currently it appears only accounts used to access Microsoft’s Windows Live Hotmail have been posted, this includes @hotmail.com, @msn.com and @live.com accounts.

Microsoft has admitted that they are aware of the alleged breach, and are investigating the reports. A spokesman for Microsoft said:

“Microsoft has been made aware of the claims that Windows Live IDs and passwords have been made available on the web.

“We’re actively investigating the situation and will take appropriate steps as rapidly as possible.

“Microsoft is committed to protecting the privacy of our customers and believe they deserve to have their personal data used only in ways they have agreed to, and in ways that provide value to them.”

If you currently use one of the affected services, it is recommended that you change your password and security question immediately.

10,000 phished passwords from @hotmail.com, @msn.com and @live.com accounts posted on internet is a post from: The Inquisitr