[I’ve been neglecting this space for the last few weeks… this was published on the BBC News site on October 9]
If you use a web-based email service then here’s a public service announcement. Tufty the Squirrel says ‘Change your password. Now. Before you read the rest of this column. And if you use your webmail password for any other services go and change it there too.’
OK, assuming you’ve done that, we can discuss the apparent plundering of tens or even hundreds of thousands of login details from Hotmail, Yahoo! Mail, Gmail and other web-based email services, revealed last week when a partial list of ten thousand addresses was posted to – and quickly withdrawn from – the Pastebin code-sharing website and details of another 30,000 accounts were posted elsewhere.
The compromised email addresses seem to be the result of a number of phishing exercises, where fake websites are set up to harvest login credentials from those who can be tricked into visiting the phishing site instead of the authentic home page for their service provider, and not related to any security flaws in the webmail services themselves.