Neowin reported that on October 1, a user posted more than 10,000 account names(includes @hotmail.com, @msn.com and @live.com accounts.) and passwords to pastebin.com. The entry is deleted but neowin reports that they have verified that the accounts are genuine.
If you are having any of the @hotmail.com, @msn.com and @live.com accounts, it is recommended that you change your password and security question immediately. You can check whether you were in the list or not by visiting you can check it here. But remember their list may not be complete.
Update 2: Microsoft has now fully confirmed our reports. According to a Microsoft spokesperson "over the weekend Microsoft learned that several thousand Windows Live Hotmail customer's credentials were exposed on a third-party site due to a likely phishing scheme. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers. As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts."
read more from official post