Pastebin.com and the Hotmail password leak

It seems that a list of 10,000 Hotmail usernames and passwords has been posted on pastebin.com in recent days.

Pastebin was created as a tool to aid software development, not to distribute this sort of material.

As a result of the interest this story is generating, pastebin.com is experiencing huge levels of activity, so I took it offline to ensure all the offending material has been removed, and have adjusted the abuse filters to prevent a recurrence.

Edit: please don’t ask if your name was on the list. I have no way of knowing. Just change your password.

Edit #2: things have calmed down now, and I’ve written a longer post about the incident here.

95 thoughts on “Pastebin.com and the Hotmail password leak”

  1. lordelph Post author

    I do not have a copy of the list – suggest you try searching google for your email address and see what comes up.

  2. David Precious

    I suspect you’re getting a lot of traffic your way thanks to this 😐

    Anything I can do to ease the load? Happy to provide mirroring of your blog or pastebin, or just host a simple “pastebin is temporarily offline” message, or anything that could be useful.

  3. PP

    It’s good to hear that. It’s absolutely not fair to get troubles in our website for another person who posted that kind of information.

    One question. Why did I have to leave my e-mail and the password to post this comment? . . . just joking xD.

  4. David

    It’s so lame that you’re adding an abuse filter for this. It’s not your fault, don’t correct it.

  5. lordelph Post author

    I will replace the filter with one more specifically targeting general lists of email addresses in a few days.

  6. bitbot

    it’s the oldest trick in the book used at my mum and told her what i did

    these days they claim to have a block checker
    don’t open the link from anyone you receive it !!!!!!!!
    if you did then change your password right away

  7. hamids

    How do I know if my email address was on that list?! Could you post the list, without passwords, or at least the first 4 letters of the addresses to prevent abuse.

  8. Ben

    Now, when I write my email in a Google page, I can see my password associated with my e-mail. Of course, I can’t indicate my mail but I would like to see the whole cancellation of passwords in Google page.

  9. Anonymous

    How do I know if my email address was on that list?! Could you post the list, without passwords

  10. Ben

    If you can enter in your mail now, your account is not in the list. All accounts in the list were blocked by Microsoft.
    Don’t post the list please !!!!!!!!!!
    You can make the following test if you want to know if your account is on the list.
    1/ Open a Google window
    2/ Write your e-mail address in the Google search engine
    3/ If you see your account with your password in the Google search engine, your account has been hacked

    Does somebody know if we can use our account in the future and how Microsoft can send our new password?

    Many thanks and sorry for my english.

  11. Shahin Fard

    If you search for your full email address in google within speech marks, and see your email address displayed, then change your password and any other places you use the same password immediately.

    Phishing scams have been in existence for a very long time. The very fact that this has made mainstream news will be a wake up call to the nation to safeguard their passwords, and the very existence of phishing scams making people think twice about hitting reply to a phishing email.

  12. johnny

    I don’t think you should block everything… Please tell me we can still post more than just a few sentences. Deleting offending entries is probably the best answer, I’m sure there’s legitimate email address lists as well. Anything can be malicious, are we going to block all programming pastes also because of a few malicious ones?? or all English stories because of illegal bestiality text porno pastes ?

  13. maggie

    I hope Microsoft Ltd. could improve its technology abilities and levels, so that they can block anyone’s activities on hacking the hotmail, you may imagine more and more people hope to get others’ password for seeking their eyes and minds. It is such a terrifying thing in the world.

  14. Neila S.R.

    Actually, I feel a bit relieved that these data were published online “only”. This might mean, the addresses, telephone numbers, etc. were not sold to fraudulent companies who would start spam- and telephone-terror on the victims.

    As it is, it looks more like a big hoax, which will hopefully teach Hotmail- and MSN-Messenger-Users to not enter their email addresses + passwords into any friendfinders. — And specially never ever join Programs, that promise to tell them “Who Blocked You on MSN”!

  15. Foolestroupe

    I’d just like to access pastebin – I’m locked out with some nonsense message about being referred from some link…

  16. Laura

    My Hotmail account was hacked, it’s not fair, I want to get in and I can’t. What can I do to recover my account? I’ve had it for years.

  17. Pingback: La lista de contraseñas de correos electrónicos pirateadas crece « Informática

  18. Ian

    I all along suspected this’d happen. Microsoft and its intention of taking over the entire market forgets simple things like these! Someone should tell Bill Gates that he’s living past his expiry date!
    Welcome to GMAIL ladies and gentlemen

  19. Paul Krist

    YOU SHOULD HAVE, OR AT LEAST NOW, SHOULD, INTIMATE TO EACH AND EVERY OF THOSE HOTMAIL ACCOUNT HOLDERS WHOSE PASSWORDS YOU LEAKED OUT, EXPLAINING HOW VULNERABLE THE HOTMAIL PASSWORDS HAVE BEEN PROVED TO BE, AND THAT IT IS NONE OF YOUR INTENTION TO MISUSE THE PASSWORDS IN ANY WAY, BUT RATHER TO JUST CREATE AN INSTANCE BY WHICH YOUR DEBUGGING SERVICES ARE SHOWN TO BE PROFESSIONALLY AND TECHNICALLY SOPHISTICATED/ SUPERIOR. YOU SHOULD ALSO POINT OUT THAT IT IS NOW THE DISCRETION OF THE HOTMAIL USERS TO CONTINUE TO USE HOTMAIL (OR NOT) AND IN THE MANNER THEY WANT. INDEED IF YOU DO NOT DO THIS, I THINK YOU ARE LIABLE TO BE CALUMNISED AS ONE WHO MISUSED TECHNOLOGY FOR ‘CHEAP’ PUBLICITY YOUR SERVICES.

  20. Balumuthu

    It is not clear to me, and it may not, I believe, to be clear to many others, whether your ‘debugging’ technology is capable of exposing only Microsoft hotmail’s vulnerability or it is “more versatile” (say capable of decoding other mail passwords such as Google as well). Should it have such a power and versatility, it would mean that all internet mailing is likely far from perfect in terms of privacy and security.

  21. lordelph Post author

    @Balumuthu: my “debugging technology” is just a site where *anyone* can post a fragment of text, in a way that is useful to a programmer.

    It has nothing to do with exposing email vulnerabilities.

    Also, the list which is going around was generated not by “hacking” Microsoft, but by asking users for their passwords. For example, in a site which promises to tell you who is blocking you if you enter your account details.

    I have had nothing to do with this list, apart from deleting it from my website as soon as I was aware of it.

  22. Pingback: Arvutikaitse » Blog Archive » Hotmaili, Gmaili varastatud paroolidest

  23. Grace

    Hi, lordelph, at what date did you first find email-lists were posted up at pastebin? Did you delete the list immediately when you became aware of it? So, how long could these lists be seen at pastebin then?

  24. lordelph Post author

    @Grace: sometime between 1st and 5th Oct – I delete flagged abusive posts daily, and I certainly deleted at least one password list before the story became “news”. List was probably available for a few days.

  25. Anonymous

    all emails including .com should change their passwords, .de or .it or others are safe as i know

  26. Metis

    For all the people who are migrating to Gmail…There was also a list with Gmail, Yahoo and other accounts posted on the internet (I even thought/heard this website?), so that won’t really help.

  27. ch33ky

    What a great discovery this site is as an aspiring programmer! yes ppl, change your passwords. Thanks for a great site Lordelph I look forward to using it =)

  28. Fouad

    I can sign in to my mail inbox but I can’t get into WLM with annoying message that my contact list is not available plz try again l8r. any ideas?

  29. ben

    You just have to write your email address in a Google page, if your mail appears with your password in a link with the word “pastebin.com” your hotmail was hacked

  30. Name

    Omfg – couldn’t u just leave the user list alone so we could check if our account is in danger? I’m not going to change my password at my 20 gmail accounts just because the password to it can be somewhere on the Internet. I’m phishing-proof so probably my accounts r safe but I won’t change my passwords AGAIN in one week ffs.

  31. elena

    I would like to know if the same thing has happened to me, because on Sunday it kept telling me that I had signed in from another location. Where can I find out?
    Where do you change the password? Can you tell me, please?
    Thanks, goodbye.
    Please reply.

Comments are closed.