Hotmail security breach spreads as 30,000 Gmail and Yahoo! passwords are posted online

The massive security breach that led to millions of Hotmail customers being advised to change their passwords has now spread to users of email services including Gmail and Yahoo! Mail.



Up to 21million people and businesses who use the Hotmail service in the UK were warned they are potentially at risk of being defrauded after passwords were acquired illegally.



Around 10,000 passwords were obtained by hackers who created a fake website identical to Hotmail's to fool users into entering their email address and password in a 'phishing' scam.

Defrauded: A list of over 20,000 email addresses and passwords of users of services including Gmail and Yahoo! Mail has leaked online (file picture)

'Phishing' scams involve using false websites to lure people into revealing important data such as bank account details, login names or passwords.

Now the BBC claims that another list of over 30,000 email addresses and passwords is circulating, which contains the details for Gmail, Yahoo! Mail, AOL, Comcast and Earthlink accounts.

The latest list was posted on Pastebin.com, the same website to which the Hotmail list was originally uploaded.

How to avoid being defrauded

- Change your passwords every 90 days - Use different passwords for various internet log-ins - Do not open unsolicited email attachments and links

The site, which is intended for web developers to share code, has since been taken down for maintenance.



Hotmail's list of users was posted anonymously on to Pastebin.com on October 1. The list was reported by technology blog Neowin.

It is feared that the information could be used by fraudsters to access email accounts and steal personal information such as credit card account details.



A spokesman for Google, which runs Gmail, said: 'We recently became aware of an industry-wide phishing scheme through which hackers gained user credentials for web-based mail accounts including Gmail account.

Breach: Around 10,000 Hotmail passwords were obtained by hackers using the same 'phishing' scam that has now spread to other email services