Pastebin.com and the Hotmail password leak

It seems that a list of 10,000 Hotmail usernames and passwords has been posted on pastebin.com in recent days.

Pastebin was created as a tool to aid software development, not to distribute this sort of material.

As a result of the interest this story is generating, pastebin.com is experiencing huge levels of activity – as a result I took it offline to ensure all the offending material has been removed, and have adjusted the abuse filters to prevent recurrence.

Edit: please don’t ask if your name was on the list. I have no way of knowing. Just change your password.

Edit #2: things have calmed down now, and I’ve written a longer post about the incident here.

95 thoughts on “Pastebin.com and the Hotmail password leak”

  1. Mazen Abu Ayyash

    I was wondering if my account on Hotmail is posted?
    Because until this moment I really do not have an account on Hotmail.
    I only use Yahoo and Gmail.
    hehehehehehehe
    nice joke

  2. Jack

    “was this email address posted DELETED@hotmail.com”

    yes it was so change your password and quit worrying…

  3. Haggis

    What is it with people not reading, Pastebin did not post the lists online, he does not have the list so can’t tell you if your email address is on there, if you were stupid enough to click a link you did not know then you don’t deserve to have the account in the first place

  4. Adrian

    lordelph,

    Sympathies for being caught in the middle of all of this; it looks like the list (and the mildly clueless follow-ups) have caused a hell of a lot of hassle for you.

    On the positive side (and I am by no means implying this was intentioned!), it has increased the exposure of what appears to be a useful tool for collaborative RAD projects, so best of luck.

  5. TheElphLord

    Lordelph has the list, he cut and paste it into a notepad document.

    Edited by Lordelph/Paul Dixon: If it’s not already clear: I have no copies of the list. I want nothing to do with it.

  6. viksra

    Sigh. Last night I saw someone sent messages from my facebook account out to other people on my friend list… they left a ton of weightloss spam on people’s walls. I quickly logged on and changed my password after seeing a bunch of e-mail notifications on my phone about people wondering why I was leaving them spam. After some hours went by, I turned on the TV and saw on CNN that a bunch of accounts were compromised… so I thought mine was caught up in the incident… I went online to look for the list and it led me here… I found a copy through Google… but oddly, mine isn’t on the list! Weird!

  7. Tomas

    bognor birdman, your name and password are on the list. Change your email. Lordelph will be using it.

    Edited by Lordelph/Paul Dixon: No he will not!

  8. Midge

    Wow – I would have thought that people on this website were somewhat intelligent. Think for just a minute folks.

    - the passwords were obtained because the USER replied to a fake email and gave it to them

    - if you have any concern that your password has been shared, then change your freakin password

    - The 2nd dumbest thing I have seen here are requests to post the list – so more people can target those poor people

    - The most dumbest (great english) thing is posting a specific email, so that you can then get spammed.

    I just don’t get how seemingly intelligent people can not just take 3 seconds to think this through.

  9. Peter Parker

    Midge, your name and password are on the list. Change it fast, lordelph will compromise your facebook account.

    Edit by Lordelph/Paul Dixon: Grow up.

  10. Luchy

    Carol Sim : I took the advice and googled my email it appears on pastebin.ca so whilst.

    If lordelph had deleted the list before 6 Oct, that means the list is no longer on pastebin, how can people find out their address with password via google search now?

  11. Shiloa

    Lordelph – I don’t understand why you took all those people’s passwords, only to spam them with your weight loss program? Does that even work?

    Edited by Lordelph /Paul Dixon: It’s the only way I can pay for the secret base I’m building inside a volcano.

  12. Mindy

    This site is being mirrored from the Eastern Bloc countries which shows clearly that something is hanky. Why would an open source website have a list of 10000 email addresses with pws and how do you think those passwords were acquired huh?

    Edited by Lordelph / Paul Dixon: Comedy isn’t your strong point. On any other day you might be *marginally* funny. It is funny how the timewasting comments come from the same IP though…

  13. PAOLA

    Two days ago my Hotmail account was hacked; I want to know whether there is any possibility of recovering it or closing it.

  14. Eco

    I have seen the list online after the takedown on a service like pastebay. Anyway, guys, DO NOT STRESS … IF YOU DON’T USE SERVICES TO KNOW WHO BLOCKED YOU, YOUR PASSWORD IS NOT IN THE LIST (NEITHER YOUR EMAIL)

  15. Фредди

    This is a huge mess, lordelph is perpetuating it on Google and Microsoft users. I do not know why he would do this, if not for financial gain. lordelph is acting strangely.

  16. awayofme

    great news hahaha

    this is professional tech

    hahahahah go ahead

    this is Microsoft gaps maybe it’s time to change on LINUX. maybe!!!

  17. zeta

    Whoever it was that posted the passwords, I would beg you to please find me the password for the email DELETED@hotmail.com, as it is important.

  18. Martin

    somebody mentioned it was great that the list got published online. That is certainly very good as it rendered those e-mails safe now as their accounts are now locked and the user, as I understand, will be forced to change the password.

    The only thing these users might expect is a higher volume of spam due to spam crawlers picking them up while snooping the internet – the lists are still online, albeit in limited volumes.

  19. Adrian

    I have three things to say!

    1) LordElph/Paul Dixon had NOTHING to do with posting that list. He is the ****ing OWNER, not the USER that posted the content. I think it was very responsible to do that. What would be the point of putting other people’s (who you don’t even know) privacy at risk?

    2) Microsoft was NOT ‘HACKED’. It was unknowing USERS of a Microsoft SERVICE who put their details into a website, e-mail or advert and that is how the details were got hold of.

    3) @Juan: You might want to have a look at this link. http://www.stuff.co.nz/technology/digital-living/2939677/Hackers-hit-Gmail-Yahoo-too – It is NOT just hotmail users affected.

    Yaaay my rant is over.
    Let’s get on with life.
    Case Closed.

  20. Akmed

    Can anyone provide me with this list? I am unable to access my Hotmail account and I fear that LordElph is using it in an unsolicited weight-loss campaign. LordElphin, please have mercy on me and release my Hotmail account. I beg you, sir; please note that my email account is DELETED@hotmail.com

  21. James

    Listen dip stick, I don’t care if you don’t know if my name was on the list or not – you have a responsibility to the public because this sensitive information was posted on your lame “What does it do again” website.

    Yeah! I can change my password, but what the fawk dude, then I’d have to learn a new password and we both know that’s not going to happen.

    So here it is, a simple solution we both can agree on: GIVE ME the information that was included on that post, and I will do a very simple CTRL-F search on a text pad to find out if my hotmail account was on it or not.

    No way of finding out is just another lazy man’s way of saying “I don’t care”, so just do everyone a favor and repost that post – look it’s real easy, you just have to stop playing world of warcraft and/or skyping with that fake potential Russian bride of yours for like two minutes, and I can go back to not having to go to lame websites and blogs like this one.

    OK! THANK YOU.

    Edited by Lordelph / Paul Dixon: James is clearly mentally challenged, and has my deepest sympathy.

  22. SillyWilly

    I am confused as to how a password list posted on pastebin.com is responsible for pastebin.com’s spamming of a weight-loss program. Would someone help me connect point A and point B in this scenario?

  23. Ms Me

    Sorry but James (above) was right. I hope my post comes across better than his though.

    You need to drop the attitude and get some common sense.
    Clearly you scrambled to post about the story in order to get attention/hits. Then when you get the attention you wanted you start complaining because you are being criticized. (by the way Midge, that may be the reason the readers aren’t up to the usual standard..surely an intelligent person would have realised that?)

    That is what happens when you put yourself out there. Do something NOT QUITE PERFECTLY and you are judged. If you can’t handle that, and feel the need to write huge follow-ups trying to repair your self esteem or reputation.. well..you should not have a blog frankly.
    I don’t see the big deal with reposting something that is already on 100 other sites (the list)
    All censoring the list achieves is the poster bragging that they have the list, but they’re not going to let anyone else see it. Of course you’re going to rile people up doing that!
    People naturally want to see the list, mainly to calm their anxiety over being ON the list.

    Like someone else said you could have posted the email addresses WITHOUT the passwords.
    That seems like the most sensible approach for all blogs and people reporting it to take…

    Not just talking to you but to everyone who chooses to post stories like this without thinking it through properly.

    I appreciate that when moderating comments you may have genuinely deleted the list before you realised that it would have been helpful to people coming upon your site, but common sense would tell you that the emails alone would help people immensely without exposing..well.. anything.
    It is also highly unbelievable that you didn’t save the list or at least look through it yourself, so most people would assume that you are purposely withholding helpful information from them, and that DOES NOT go down well.
    Fact is, people are coming to your page NOT to read about the story, but to look at/for the list. So don’t be surprised when people start bitching at you when they don’t find it. Maybe call this a lesson learned ?

    It will be interesting to see if I get a smart ass comment next to my post (if it is published at all) presumably it will mention something about length, grammar or ‘getting a life’.

  24. lordelph Post author

    @Ms Me: That’s a good comment. If only all were of a similar standard!

    Firstly, I “scrambled to post” because it was apparent people were coming to pastebin and had no idea what it was. Aside from the extra traffic bringing the server to a crawl, pastebin was getting stuffed full of posts with requests for the list. This wasn’t about getting attention or hits. I’ve answered only basic questions with print journalists via email, and have refused television interviews.

    Neither was the longer post intended to repair self esteem or reputation, both of which are fine, thank you. I am more than happy to take criticism, and as you’ll note in my longer post, next time I may do things differently. However I do reserve the right to poke fun at people who can’t string coherent thoughts together. You don’t fall into that category :)

    As for reposting the list because it’s “already out there”, the answer is no. I don’t need or want the traffic or publicity. If you find it on one of the thousands of other pastebin services, feel free to post a link.

    Your comment was of excellent length, grammar perfectly adequate, and I’ve no doubt you have a rich and full life :)

  25. David Precious

    Oh sweet Jesus, the majority of the comments on this post make me lose faith in humanity.

    About time to close comments on this one I think, that or put some bleach in the gene pool.

    Luckily there are a few sensible comments, but the rest…

  26. Pingback: TalSoft TS » Blog Archive » ¿Qué ha ocurrido realmente con Hotmail?

  27. Pingback: Phishing masivo de contraseñas de Hotmail, Gmail y Yahoo | Tecnozona 2.0

  28. Pingback: With Email Scams Galore, Guard Your Password | Mortgage Loan Refinance Guru

  29. Tom W

    Paul – best read I’ve had for ages…It’s great to see the point in the comments where you just no longer care, maybe we could have an event when your secret base is completed… see you soon buddy, Tom

Comments are closed.