Alert Number: 100609-02
Alert Date: 10/06/09
Alert Title: Additional commercial email passwords exposed
Update-to: 100609-01 "Hotmail passwords exposed"
OS/Platform/Application:
Google Gmail
Yahoo Mail
AOL Mail
Comcast Mail
Earthlink Mail
Microsoft Windows Live Hotmail
Category: UPDATE
Severity: HIGH
Attention: Commercial email users, System Administrators, Desktop Support Personnel.
Summary: Numerous Internet Security resources are reporting that a large number of email credentials (usernames, passwords, etc.) were compromised and published to a public website. Initial reports acknowledged that users of Microsoft Hotmail were put at risk by this event, but the newest information available indicates that users of many other popular email applications may have been exposed as well. At the time of this writing (12:45 PM 10/6/09), the list of email systems possibly affected by this event includes those provided by Gmail, Yahoo, AOL, Comcast, and Earthlink.
Recommended Actions: It is possible that the exposed accounts extend beyond the commercial carriers listed above. Users of commercial email products are encouraged to change their passwords NOW, regardless of the last time they were changed, in order to minimize the risk of damage secondary to exposure of their credentials.
Readers are encouraged to share this alert with family, friends, and associates.
ITS Actions: N/A
Resources:
BBC Article (describes extent of breach):
http://news.bbc.co.uk/2/hi/technology/8292299.stm
NeoWin Article:
http://www.neowin.net/news/main/09/10/06/hotmail-phishing-attack-confirmed-20000-accounts-in-total
Windows Live Hotmail blog entry (provides details of event and remediation procedures):
http://windowslivewire.spaces.live.com/blog/cns!2F7EB29B42641D59!41528.entry?wa=wsignin1.0&sa=363915619
ALARM Alert 100609-01 (provides details of Hotmail event):
http://www.albany.edu/its/alerts_archive_2009_4102.htm