There was an update late yesterday, but I didn't have a chance to post it here.

Here is the link:

http://windowslivewire.spaces.live.com/blog/cns!2F7EB29B42641D59!41528.entry

Hotmail Phishing Attacks Spread to Other Email Services

"security firms and the BBC said Tuesday that the attack extended to other services, including those run by Google and Yahoo as well as AOL, EarthLink and Comcast. Google told the news service that it was aware of the incident and has reset the passwords of affected Gmail users".

http://blogs.wsj.com/digits/2009/10/06/hotmail-phishing-attacks-spread-to-other-email-services/?mod=yahoo_hs

"...What value do stolen email accounts have? Two primary scams come to mind.

1. The hackers are able to penetrate the trust barrier. Your webmail account often contains a list of friends, family and acquaintances who trust you. This enables the attacker to victimize these contacts by virtue of their relationship with you.
2. Logging into your account hackers are able to determine what other online services you use, and are able to perform password resets. This widens the net of identities they can capture and potentially enables them to reset your passwords to bank accounts, online payment systems, and other critical accounts.

If it is not already clear, reset all of your passwords. Be more vigilant than ever about clicking links in emails, even links on search engines. Only provide your credentials to websites that provide the service for which the user ID belongs..."

More here:   http://www.sophos.com/blogs/chetw/g/2009/10/06/hotmail-heist-update-release/