Responses:

ebuyerfb says

2:25 am on 06/10/2009

According to an article I read those Microsoft is stating those passwords were discovered through phishing and not through hacking.

Don Riggins says

1:20 pm on 06/10/2009

Phishing sites typically only bring 100-150 credentials with a really successful delivery system and a friendly ISP to not remove it immediately. Even a typical phishing campaign being “extremely” productive will only 2,000.

The fact that 10k+ were found, and that Microsoft is wanting the entirety of the 2.1 million users to change the password speaks to the fact it was more than likely a network compromise than a phishing page.

Albeit, something to mention is most of the emails were from the UK so take from that as you will.

still trading says

2:42 pm on October 6th, 2009

we think its more to do with stupid buggers, than site compromise

there are millions of idiots out there,

Richard says

2:58 pm on October 6th, 2009

There’s a lot more than 2.1 million hotmail users, no idea where you got that figure from, it’s in the tens of millions, one source quoting 145 million which sounds about right to me, hotmail’s been around and free for a very long time.

Chris Dawson says

4:06 pm on 06/10/2009

It’s almost certainly phishing – there have been new lists published with email addresses from Yahoo!, AOL, GMail as well as Hotmail/MSN/Live

still trading says

5:07 pm on 07/10/2009

sales must be down with the anti virus software companies, if I ran that sort of company
I would pay money for a story such as this to break every now and then