Late last night (Monday 5th) news emerged that details of 10,000 Hotmail accounts had been posted on the Internet, including both email addresses and passwords.
However, this lunchtime it has come to light that further account details have been revealed, mainly from users with Gmail accounts.
The BBC learned of the news and got word from Google that it had been targeted as part of an “industry-wide phishing scheme”. BBC News has seen details of more than 30,000 names and passwords since Monday evening.
Google has stressed that the scam was “not a breach of Gmail security” but rather “a scam to get users to give away their personal information to hackers”.
Other firms hit by the attack and the posting of details include Yahoo, Comcast, Earthlink and AOL, among a small number of other service providers.
The BBC also confirmed that some of the accounts appear to be old, unused or fake. However, it did confirm that many – including Gmail and Hotmail addresses – were genuine.
It is still not clear over what duration the details were gathered or whether the new list is part of the same phishing attack that collected the Hotmail addresses or a separate scam.
Best practice for those affected, or worried that they may have been affected, is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and to install and regularly update their antivirus software. Users are also advised to change their passwords as soon as possible and not to use a password similar to, or a variation of, their old one.
If users do use the same password for other sites, again, best practice would be to change those account passwords too.
The posted lists have now been removed from the sites they were published on.