Skip to main content

Microsoft Fixes Hotmail Password Vulnerability

Microsoft has swiftly issued a fix that solves a very serious weakness in its Hotmail webmail service, one which may well have been behind the successful hacking attempt that hit PC Pro's editor, Barry Collins a few days ago (ed : Barry says no)

The bug apparently allowed any individual to reset the password of a Hotmail account which locks out the legitimate owners and allows the attacker to take over the Inbox.

It has been reported that the vulnerability has been actively used to take over accounts and there are claims that some hackers offered to take Hotmail accounts for as little as $20 or £12.

The service, which is by far the most popular web-based email service, has more than 350 million users and single sign-on login details tied to Hotmail and Windows Live will be fundamental for future Microsoft services like Skydrive, Windows 8, Windows Phone and even Zune, especially as it gives access to a wealth of personal details.

The news come a few days after Microsoft rolled out Skydrive to an even wider audience, a move which caused many to revive their old, unused Hotmail accounts which if active would give their owners up to 25GB worth of free storage (rather than 7GB).

Sources : BBC (opens in new tab), PC Pro (opens in new tab)

Désiré Athow
Contributor

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.