A total of 10,027 email addresses along with their passwords were posted on a website used more regularly by developers to share code.
The addresses range just between the letters of A and B and are apparently mostly based in Europe, but since there are 450 million Hotmail accounts out there, there's no need to immediately panic if yours falls in between those letters.
Even so, the sensible thing is to go ahead and change your password and security details immediately and if you were one of the unlucky ones, you should be at no further risk.
Microsoft has said it is aware of the claims, adding: "We're actively investigating the situation and will take appropriate steps as rapidly as possible."
Remember, never enter your email address and password somewhere you don't know – and be sure to always check web addresses in the browser bar to make sure they are what they appear to be.
Have you ever been the subject of a phishing attack? Let us know your experiences below.