News has broken out that a large number of Hotmail/Windows Live credentials have been stolen and published on the internet. It is not yet clear how these credentials were obtained; however, Microsoft claims it was by means of a phishing attack.

In any case I recommend that you change your password/secret question at once should you own an account with these systems.  Furthermore it is always wise to use a different password for each system and ideally the password should never be written down.  If you need to store the passwords because of many accounts ensure that your password repository is well secured. Keep in mind that if anyone were to get his hands on your password repository everything you use that requires security has virtually had that security disabled.

It is very important that this issue is not ignored. I have seen some posts on forums of people claiming they don’t care if their account was compromised and that they are not worried; however, I think they’re underestimating the impact that this can have.  The obvious risk here is identity theft/social engineering. If you use this account to communicate with other people, any emails sent from this account (even if not by you) will be considered by the recipient as coming from you. This can be especially dangerous if you have an address book which has people labelled by relationships. Also the same credentials might give access to other services such as messenger services. Again here people might login using your account and interact with your friends/family with them thinking they’re talking to you.

Consider someone who accesses your email and from the address book gets the email addresses of relatives. He uses your account again to get on your messenger service and checks which of your relatives are online. Subsequently pretends that he (you to the victim) is in trouble and needs money urgently and tries to get credit card details from them. It could happen. Social engineering is a real danger and getting an identity that has “high level access”, so to speak, with his victim is a powerful advantage for any social engineer.

Another danger would be for the perpetrator to use your email account to commit crimes which will then be traced back to you.

Treat this as a serious issue and change your password as quickly as possible. As they say, better safe than sorry.