The company offers official confirmation of the leak

Oct 6, 2009 07:35 GMT

Microsoft has officially confirmed that sensitive data for several thousand Windows Live Hotmail accounts has been leaked in the wild. The details, including the usernames and passwords needed to access the Hotmail accounts, were published on Pastebin. Microsoft asked the website to remove the data as soon as it was informed of the credential leak. According to the Redmond company, its investigation into the matter revealed that the leaked data was not the result of a hack of the Hotmail service. Instead, the software giant is pointing out that the affected Hotmail users had fallen victim to phishing schemes.

“Over the weekend Microsoft learned that several thousand Windows Live Hotmail customers’ credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts,” a member of the Windows Live Hotmail team noted, confirming a report from Neowin.

Phishing refers to fraudulent online activity in which attackers attempt, often successfully, to obtain sensitive data such as passwords and credit card details from unsuspecting users through social engineering. In this specific case, the attackers most likely posed as Microsoft, or as the Windows Live Hotmail team, and asked victims to hand over their passwords. As a general rule for keeping sensitive data safe, users should never reveal confidential information when asked to do so, even if the request appears to come from a legitimate source.

“Phishing is an industry-wide problem and Microsoft is committed to helping consumers have a safe, secure and positive online experience. Our guidance to customers is to exercise extreme caution when opening unsolicited attachments and links from both known and unknown sources, and that they install and regularly update their anti-virus software. If you believe you’ve been a victim of a phishing scheme, it’s very important that you update your account information and change your password as soon as possible,” the Windows Live Hotmail team member added.

Users in general, and those of Windows Live Hotmail in particular, should be aware that Microsoft will never ask for their sensitive information via email, instant messaging, or any other medium. Any request for information such as passwords should be treated as a phishing attempt and disregarded.

Microsoft “recommends customers use the following protective security measures: Renew their passwords for Windows Live IDs every 90 days. For administrators, make sure you approve and authenticate only users that you know and can verify credentials. As phishing sites can also pose additional threats, please install and keep anti-virus software up to date.”