In what security experts are calling one of the biggest security breaches of all time, Microsoft on Monday confirmed that several thousand Windows Live Hotmail account usernames and passwords were leaked to the Web. The Redmond company says the breach was likely the result of an elaborate phishing campaign.

"We determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts," a Microsoft spokeswoman said in an email to Computerworld.

Neowin.net first reported the incident, claiming that "more than 10,000" credentials had been compromised. But the number could actually be much, much larger. Neowin.net said it only saw a partial list representing usernames starting with the letters "A" and "B." Dave Jevans, the chairman of the Anti-Phishing Working Group (APWG), surmises that the actual number could be over 100,000 accounts.

"A 0.5 percent rate, which is what 100,000 users would represent, isn't unreasonable for 10 to 20 million users," Jevans said. "They wouldn't have to spam every user to get that."

According to Microsoft, Hotmail stands at 400 million registered users strong, though the company didn't say how many of those are active users.

Image Credit: serc.carleton.edu