Microsoft squashes Hotmail password hijack bug Microsoft has smacked down a Hotmail bug that allowed hackers to lock users out of their own accounts. Redmond took one day to slap down a glitch that allowed anyone with a Firefox add-on to remotely reset the password of a Hotmail account. The Tamper Data add-on allowed hackers to siphon off the outgoing HTTP request from the …
Commentard trapped in 1998, Seeks donations of wit
Please give generously.
I got locked out of my own hotmail account a few months ago, and many many attempts to get MS to reset the password were fruitless.
They kept telling me that it was my fault for having a weak password, that there was nothing wrong with their security, that someone must have seen me type it in, etc....
Plus they didn't want to reset it because I did not know the new secret word/sentence that the attacker set.
After loads of hassle I gave up (I only really had the account for historic reasons and msn, due to some people still using it), but for those who still used MS for their main account must have had a lot of problems.
So now that it turns out it was a bug, will MS finally start agreeing to reset accounts? Ideally an apology would be nice as well, but I don't think that will happen.
I wonder how long this bug has been known about... I used to remember people telling me about their hotmail getting hacked (even years ago, before gmail for example), but never knew how it was done.
Wow that sucks... thankfully I don't really use the account anymore (the account was from 2002, so already quite old), I kept it around for the history.
Thankfully I moved away from relying on MS a long long time ago, so this doesn't affect me much, but it must really suck for those who actually use it. Perhaps this will finally push the rest of my friends off MS :)
The same thing has been happening with Yahoo accounts being hacked and passwords being reset. Recently started receiving spam from friends on Yahoo too like I was from people on Hotmail. In fact my hotmail fell victim to this too.
Great to see M$ finally solved it a year later.
These hacked Hotmail accounts are being used to create spam for sleazy web sites. It's unflattering and non-stop so my guess is that its not spam, but a vengeful attempt to create a flood of complaints against the advertised web sites. Whatever it is, I had to blacklist Microsoft's 65.52.0.0/14 this morning.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
