Afternoon:
14°c
The theft of passwords for more than 10,000 Hotmail accounts was blamed on an online scam today.
Microsoft said a so-called "phishing" attack was responsible for the mass acquisition of log-in details that were later published online.
The technology giant said none of its servers was responsible for the security breach and individuals were conned into handing over their details.
Up to 21 million people and businesses who use the Hotmail service in the UK were warned they are potentially at risk of being defrauded after passwords were acquired illegally.
Around 10,000 passwords were obtained by hackers who created a fake website identical to Hotmail's to fool users into entering their email address and password in a 'phishing' scam.
Reports now claim that another list of over 20,000 email addresses and passwords is circulating, which contains the details for Gmail, Yahoo! Mail, AOL, Comcast and Earthlink accounts.
Hotmail Officials blocked access to all of the accounts listed, including Hotmail, Windows Live and MSN web-based email accounts.
Users who have lost use of their email were being directed to an online registration form to reclaim access.
Phishing attacks are becoming increasingly common online and pose a serious threat to all internet users.
Hackers and cybercriminals attempt to trick people into handing over personal details, including email addresses and passwords.
Internet users may be directed to false websites, set up to mirror legitimate websites, that feed valuable information back to the criminals.
News of the scam broke yesterday when technology blog neowin.net reported an anonymous user had published confidential details on pastebin.com.
The list detailed more than 10,000 accounts starting from A through to B, suggesting further details may be held.
Internet users are urged to change their passwords regularly and ensure anti-virus software is up to date to protect themselves from fraudsters.
A Microsoft spokesman said: "We are aware that some Windows Live Hotmail customers' credentials were acquired illegally by a phishing scheme and exposed on a website.
"Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation.
"As part of that investigation, we determined that this is not a breach of any Microsoft servers.
"Subsequently, we are taking measures to block access to all of the accounts that were exposed and have resources in place to help those users reclaim their accounts."
She added: "Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience."
:: If your account has been blocked visit: http://tinyurl.com/5myxyw
