More than 10,000 Hotmail passwords were posted online yesterday, but users of other popular webmail services haven't been let off the hook. A similar phishing attack exposed another 20,000 user/password combinations, so consider resetting your own login credentials.
The BBC reports seeing a list of 20,000 usernames and passwords at a site normally used to exchange programming code snippets — temporarily shut down at the moment. Many appeared fake, expired or unused, but others were verified real by the BBC and came from Gmail, AOL, Yahoo, Hotmail and its Live.com derivatives.
Concerned? Fair enough, but there are plenty of countermeasures. These usernames and passwords were obtained by phishing, or fake web sites used to capture usernames and passwords. Reinforce the trickiness of the situation by judging the examples in the Phishing IQ test, train yourself to avoid phishing entirely by going directly to web sites to log in and take the time to choose and remember strong passwords.