One researcher isn't buying Microsoft's and Google's explanation that hijacked Hotmail and Gmail passwords were obtained in a massive phishing attack.
Mary Landesman, a senior security researcher at San Francisco-based ScanSafe, said it's more likely that the massive lists -- which include approximately 30,000 credentials from Hotmail, Gmail, Yahoo Mail, and other sources -- were harvested by botnets that infected PCs with keylogging or data stealing Trojan horses.
More -
Researcher refutes Google's, Microsoft's accounts of hijacked passwords | Security Central - InfoWorld