Microsoft has swiftly issued a fix for a very serious weakness in its Hotmail webmail service, one which may well have been behind the successful hacking attempt that hit PC Pro’s editor, Barry Collins, a few days ago (ed: Barry says no).
The bug apparently allowed any individual to reset the password of a Hotmail account, locking out the legitimate owner and allowing the attacker to take over the inbox.
It has been reported that the vulnerability has been actively used to take over accounts, and there are claims that some hackers offered to take Hotmail accounts for as little as $20 or £12.
The service, which is by far the most popular web-based email service, has more than 350 million users. Single sign-on login details tied to Hotmail and Windows Live will be fundamental for future Microsoft services like SkyDrive, Windows 8, Windows Phone and even Zune, especially as they give access to a wealth of personal details.
The news comes a few days after Microsoft rolled out SkyDrive to an even wider audience, a move which caused many to revive their old, unused Hotmail accounts, which, if active, would give their owners up to 25GB worth of free storage (rather than 7GB).