Microsoft has launched an investigation after thousands of people's Hotmail passwords were briefly posted on a website.
Microsoft spokesman Lou Gellos said in a statement they were aware of the breach and were recommending people change their password.
"We are working diligently to help customers regain control of their accounts," Gellos said.
Technology bloggers believe the addresses were gained through a phishing scam. Phishing involves using fake websites to lure people into revealing personal details such as bank accounts or login names and passwords.
"We are aware that some Windows Live Hotmail customers' credentials were acquired illegally and exposed on a website. Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers," according to the statement.
Hotmail is among the large web-based email services. According to technology blog Neowin.net, most of the email addresses were European and began with the letters A and B.
Neowin claims the details were posted for one day last week to pastebin.com, a website commonly used by developers to share code. The addresses have since been removed.