Gregg Keizer reports:

One researcher isn’t buying Microsoft’s and Google’s explanation that hijacked Hotmail and Gmail passwords were obtained in a massive phishing attack.

Mary Landesman, a senior security researcher at San Francisco-based ScanSafe, said it’s more likely that the massive lists — which include approximately 30,000 credentials from Hotmail, Gmail, Yahoo Mail and other sources — were harvested by botnets that infected PCs with keylogging or data stealing Trojan horses.

Landesman based her speculation on an accidental find in August of a cache of usernames and passwords, including those from Windows Live ID, the umbrella log-on service that Microsoft offers users to access Hotmail, Messenger and a slew of other online services.

That cache contained about 5,000 Windows Live ID username/password combinations, said Landesman, who found the trove while researching a new piece of malware. “From the organization [of that cache] and what the data looked like in raw form, I think it’s more likely that this latest was the result of keylogging or data theft, not phishing,” Landesman said.

Read more on Network World.