For as little as ninety dollars, you too can gain access to ten thousand compromised Hotmail accounts in the midst of a high-profile phishing attack and security breach that's causing a feverish media frenzy on the IT security front. If you're a cyber criminal, that's basically a bargain, but then again, the cheapness of the pricing is also indicative of how low the value of such information has become in a black market that's flooded with stolen webmail logins and the like.
One of Trend Micro's expert security researchers, Rik Ferguson, contends that the significance of the Internet publication of ten thousand Live ID logins on the PasteBin.com developer website, as well as the subsequent upload of thousands of diverse AOL, Yahoo, and Gmail usernames and passwords, has been grossly overestimated and exaggerated by the sensationalist media.
He argues that the speculated importance of these developments is disingenuous in the sense that the only thing noteworthy about the matter is the manner by which the credentials were exposed. In terms of volume, he believes that ten thousand logins are peanuts and chickenfeed compared to the "thriving underground market in stolen email account credentials".
To be more precise, on any given day, the black market produces and sells a lot more than the thirty thousand or so account credentials that have been exposed in this security incident. Access to tens of thousands of accounts, perhaps even millions, can be bought at an affordable price through most underground forums. The cheapness of these bulk sales stems from the fact that spammers use compromised webmail accounts to compromise other accounts, so unsuspecting victims are more than likely to open the spam because it usually originates from "trusted sources" (i.e., the contacts listed within a previously serviceable account).
In consideration of the current underground prices for a multitude of pilfered credentials, Ferguson deduced that the value of ten thousand Hotmail accounts will probably amount to a paltry sum of ninety dollars American, discount for buys of over ten thousand accounts included. It's not so much a massive phishing campaign as it's the first time mainstream media was ever given a rough idea of how bad the phishing situation really is. Simply put, if you thought that this sort of scam only happens to other, more careless users, you should think again.