Quick fix for Hotmail password bug

Hotmail screengrab Videos were posted online showing the bug being used to hijack email accounts

Related Stories

Microsoft has rushed out a fix for a serious bug in its Hotmail webmail services.

The bug allowed a hacker to reset the password for a Hotmail account, locking out its owner and giving the attacker access to the inbox.

The fix was put together because the bug was starting to be actively exploited online.

One security news site reported that some hackers were offering to hack Hotmail accounts for $20 (£12).

Computer security researchers discovered the vulnerability in early April and told Microsoft about it soon afterwards. The bug revolved around the way Hotmail handles the data that must pass back and forth when a user wants to reset their password.

Details of the bug leaked out and led to attackers trying to find a way round it.

Using add-on tools for the Firefox browser, hackers realised they could tamper with the data passing between a user and Hotmail servers in a way that handed them control over an account they targeted.

As knowledge of the bug spread, some started offering to hack accounts for cash and others posted YouTube videos of Hotmail accounts being taken over in real time.

It is not clear how many Hotmail accounts have been hacked by attackers exploiting the bug. Those who have fallen victim will know because they will find they are locked out of their Hotmail account.

With the bug being "actively exploited", Microsoft found a way to fix it and updated Hotmail to close the loophole a day or so later. Now Hotmail servers return an error when attackers try to manipulate data exchanges.

Microsoft issued a short statement about the fix and said no further action was needed by customers.

Hotmail is the world's largest web-based email service and Microsoft claims that it has about 350 million users.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.