Washington State

Office of the Attorney General

Attorney General

Bob Ferguson

Thousands of personal e-mail passwords belonging to Gmail, Hotmail, Yahoo, AOL, Earthlink and Comcast users were posted online after a phishing scheme targeted users of Gmail, Hotmail and others, according to news reports.

News reports indicate the companies believe the passwords were obtained through phishing, but at least one researcher blames a botnet attack. A message on Microsoft's Windows Live Spaces site says company has blocked access to potentially exposed accounts.

You can check if your account was on the list. Thomas Springer, of serversniff.net (http://serversniff.net/index.php),  reportedly tracked down the lists of 40,000 accounts, put them in a database and made a simple site for queries. The site asks only for the first part of your email address (before the @).

{UPDATE:}  A few consumers have asked whether this is just a phishing site. I'll be frank - I wasn't familiar with the Web site either. Thomas Springer lists a German address. But the site was referenced by Computerworld and other reputable publications so I felt OK including the site here -- especially since it doesn't ask for passwords. Note that he himself suggests that you change your password. See http://beta.serversniff.de/mailaccount-faq. The site apparently has been unable to keep up with the massive traffic as a result of people checking its database, so it's experienced a few crashes. 

S M T W T F S
 
 
 
 
1
 
2
 
3
 
4
 
5
 
6
 
7
 
8
 
9
 
10
 
11
 
12
 
13
 
14
 
15
 
16
 
17
 
18
 
19
 
20
 
21
 
22
 
23
 
24
 
25
 
26
 
27
 
28
 
29
 
30