Microsoft Corp said Monday that passwords belonging to some users of its Hotmail email service were exposed on an Internet site, but had since been taken down.
The company did not say how many users were affected, but some reports suggested that passwords to more than 10,000 accounts were exposed.
"We are aware that some Windows Live Hotmail customers' credentials were acquired illegally by a phishing scheme and exposed on a website," a Microsoft spokesman said.
Phishing is a scam whereby fraudsters get hold of personal information by sending out emails under the guise of a bank, IT department or some other trustworthy source.
Microsoft said the passwords had been removed from the offending website, which it did not identify, and said it had blocked access to all affected accounts and was helping users to reclaim their Hotmail accounts.
The software company said the exposure of the passwords was not a breach of any Microsoft servers.