Update on Hotmail:Scam hits more e-mail accounts

The scale of a phishing attack originally thought to be directed at Hotmail may be larger than previously thought. BBC News has seen a list of more than 20,000 more names and passwords that have been posted online. The list contains e-mail addresses and passwords from Hotmail, Yahoo, AOL, Gmail and other service providers. The list was published on the same website as the original list of 10,000 Hotmail login details. Some of the accounts appear to be old, unused or fake. However, BBC News has confirmed that many - including Gmail and Hotmail addresses - are genuine. Other addresses include Comcast and Earthlink accounts. It is not clear whether the list was part of the same phishing attack that collected the Hotmail addresses or a separate scam. Phishing involves using fake websites to lure people into revealing details such as bank account details or login names. A spokesperson for Microsoft said phishing was an "industry-wide problem". "Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software." Password change Technology blog neowin.net was the first to publish details of the original attack. It said the accounts were posted on 1 October to pastebin.com, a website commonly used by developers to share code. The Pastebin website is currently down for maintenance. Its owner, Paul Dixon, told Neowin that it had received "an unprecedented amount of traffic". "Pastebin.com is just a fun side project for me, and today it's not fun. It will remain offline all day while I make some further modifications," he told Neowin. Security expert Graham Cluley of Sophos advised users to change their passwords as soon as possible. "I'd also recommend that people change the password on any other site where they use it," he said. About 40% of people use the same password for every website they use, he added.