Via Slashdot comes a CNN article which states the South Korean MSN website (located at was compromised earlier this week, possibly allowing users' login information to be stolen. As with some many other Windows security problems, the culprit seems to have been an unpatched operating system:

The Korean site, unlike U.S. versions, was operated by another company, which Microsoft did not identify. Microsoft's own experts and Korean police were investigating, but Microsoft believes the computers were vulnerable because operators failed to apply necessary software patches, said Sohn, an MSN director.

Despite not being a Korean MSN user, I am still disturbed by Microsoft's handling of the incident. From the article:
Microsoft said it was trying to decide whether to issue a broad public warning to recent visitors of the Korean site as it examines its own records to attempt to trace anyone who might have been victimized.

I would think that a public disclosure, combined with a suggestion for users to change their passwords, would be the best course of action for Microsoft if their users' security was their primary concern. Of course, if they were more concerned about their public image, I would not be surprised if they chose to pursue a policy of private notification. Regardless, notification through a means other than electronic mail would be best.