Here’s even more information on the phishing scam previously posted on this blog. Brig McCoy posted the following on the KANLIB listserv, from Slashdot, but as some of this blog’s readers are not in Kansas, I thought it was still a good idea to repost his email here. Please read this to the end.
“It seems as if the massive phishing campaign reported yesterday was not specific to Hotmail, as was initially believed. According to a report by the BBC, many Gmail and Yahoo Mail accounts have also been compromised. Earthlink, Comcast, and AOL were also affected. While the source of the latest attacks has not been determined, many are pointing to the same bug that claimed at least 10,000 passwords from Microsoft Windows Live Hotmail. Microsoft has done their part in blocking all known hijacked Hotmail accounts and created tools to help users who had lost control of their email. An analysis of the data from Hotmail showed the most common password among the compromised accounts to be ’12345.’ On their end, Google responded to the attacks by forcing password resets on the affected accounts.”
Re-read that next-to-last sentence… a password of ’12345’? Please use better passwords… take the first letters of a sentence, for instance.
Sigh.”
Remember the blog post from several months ago on the 500 worst passwords of all time, which was also mentioned at this year’s Tech Day during the Cloud Computing presentation? Now would be a very good time to check that list, and if one or more of your passwords are found on it, please change it/them now!


