A hotmail phishing scam that took over more than 10,000 accounts proved to be problematic as a combination of severe hacking and good spelling made the attack particularly convincing.
Emails arrived seemingly from friends claiming to be in dire need and requiring money transfers. One claimed that the sender had been mugged in South Africa and needed some funds desperately.
A BBC article from back in October say that accounts and passwords had been published in several places online including pastebin.com since October 09, and that the accounts had been open for phishing scammers since then. One source said that hotmail addresses beginning with a or b had been intially targeted. Though Microsoft acknowledged the problem at the time, it seems they have done little to help - or warn - customers.
Graham Cluley, consultant at security firm Sophos, told BBC News the published list may just be a subset of a longer list of compromised accounts. "We still don't know the scale of the problem," he said.
Confused customers were having a hard time getting any help from Microsoft.