Microsoft has confirmed Neowin's initial report, saying, "several thousand Windows Live Hotmail customer's credentials were exposed on a third-party site due to a likely phishing scheme." Redmond has determined that its internal data has not been breached, and it is working to help users regain control of their accounts.
Neowin is reporting that thousands of Windows Live Hotmail passwords may have been compromised
in a "hack" or phishing scheme. The site caught word of an anonymous post on pastebin.com, a service that allows users to upload and publicly display snippets of text like source code.
The post contained the names and passwords of over 10,000 accounts from A through B, most of which seemed to be based in Europe. The Microsoft Windows Live Hotmail accounts include those that end in @hotmail.com, @live.com, and @msn.com. Neowin reported this information to Microsoft's Security Response Center as well as PR folks in both the US and UK.
Microsoft has stated that it is "investigating the situation and will take appropriate steps as rapidly as possible." In the mean time, it would probably be a smart move to change the password and security question to your Windows Live account, no what it begins with alphabetically.