Tuesday, October 13, 2009

Hotmail Security Breach

On October 6th, Murad Ahmed and Elizabeth Judge reported in an article in the Times Online that Hotmail, the world's most popular e-mail provider, was the victim of an internet phishing scam. As we have previously discussed in this class, phishing is the process by which individuals are tricked into disclosing private information, including but not limited to names, passwords, and financial details, by malicious people pretending to represent a legitimate business operation. 

Microsoft, owner of the e-mail service, admitted that 10,000 hotmail.com, msn.com, and live.com accounts were illegally accessed, the details of which were shared by the hacker on a website that caters to technology experts. This information has since been removed and a Microsoft spokesperson noted, "We are working diligently to help customers regain control of their accounts."

According to Tom Warren, the Neowin.net reporter who broke the case, the majority of the Hotmail accounts that were breached had European addresses and could possibly be British. This is notable as Hotmail is about one and a half times larger than its closest competitor in Britain and, with this, becomes "the latest in a long line of big organisations, from the UK Government to major banks, who have been faced with internet security breaches recently." 

If this security breach is, as claimed, the result of a phishing scam, then most of the blame falls on the account holders who surrendered their private information. In this case, the compromised users should establish new accounts or change their current settings to ensure security. However, if it turns out to be the result of an error in Hotmail's operation or a direct attack on its system, then it seems that Microsoft must be held accountable to its users in some way. 


Source:  http://business.timesonline.co.uk/tol/business/industry_sectors/technology/article6861965.ece


6 comments:

  1. I would have to agree that this falls on the users. It amazes me how people cannot use common sense. I wonder how big of a dent 10,000 users is to a company like Microsoft? It just goes to show you how much Microsoft cares about their customers to go and help them retrieve their information. I don't think this will give Microsoft a bad name and cause users to switch to email providers such as Gmail. Unfortunately it makes you wonder what kind of information these hackers could get to. With a user name and password they could have usernames and passwords sent from other accounts such as eBay, PayPal or financial companies. These users need to be very observant of any activity on any of their accounts as their private information is easily accessible.

  2. There are a lot of stupid people out there using the internet. There are so many warnings about not giving information but people keep doing it anyhow. Switching to Gmail or Yahoo or anything else wouldn't even help because they would probably just end up giving out their information again anyhow. I don't think it's Microsoft's fault that their users do stupid things.

  3. This comment has been removed by the author.

  4. I feel like as much as we talk about how it seems so simple to not fall for these tricks, put in a similar situation we might have fallen for them as well. Considering how often we talk about breaches in security, especially of the phishing variety, we are on the lookout for these attacks more than the average person. Therefore, I feel like most people have a good chance of not being aware of all the risks that are out there, and are therefore so much more likely to fall for an attack. We need to realize that it is not people lacking common sense or being "stupid", but that they simply don't have the information and education about the different risks that are out there. I was also impressed by how hard Microsoft is working to help people retrieve their information. It is a rare example of a company looking out for its customers.

  5. I agree with JMS in the fact that a lot of people lack the education of the risks of using the Internet. There are people like my parents who question every click on the Internet and don’t even like to use their credit cards through PayPal because they are nervous. But then there are people who will click away at anything because they are only worried about the speed of getting the information wanted. They are unaware of the risks that they are taking with each click. What I think is funny is that it is those people who will blame the system for any hack or failure that is made. They will never blame themselves, but they are the ones that are unaware of the security measures for users.

  6. I have to agree that the blame here has to fall primarily on the users. I can't tell from this article whether email addresses were stolen from Microsoft and then used to send a phishing email and retrieve information, or if accounts and passwords were stolen from Microsoft and then broken into. If only email addresses were taken from Microsoft, then they are going out of their way in this situation to help users who can't seem to help themselves. By creating an email account on Hotmail or any other email provider, you are accepting the risk that comes with having such an account. I can understand that these phishing emails can be quite convincing, but users have to understand that it's their responsibility to protect their own information. I would agree with JMS that I believe it's not a lack of common sense but a lack of education about today's technology and security, but it is a user's responsibility to educate themselves if they want to protect their information.
