The Windows Live Team Blog writes:

Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts.

Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience. Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software.”  If you believe you’ve been a victim of a phishing scheme, it’s very important that you update your account information and change your password as soon as possible. More information on what to do is available on this page at our support community.

Microsoft recommends customers use the following protective security measures:

  • Renew their passwords for Windows Live IDs every 90 days
  • For administrators, make sure you approve and authenticate only users that you know and can verify credentials
  • As phishing sites can also pose additional threats, please install and keep anti-virus software up to date

Answers to a few general questions about phishing scams...