Hotmail security hole opens door to millions of e-mail accounts
August 30, 1999
By Robin Lloyd
(CNN) -- Millions of free Internet e-mail accounts provided by Microsoft's Hotmail service were vulnerable to a major security breach that allowed access Monday to users' accounts.
The breach worked via several Web addresses, which prompted for a Hotmail username. Once a username was entered -- no password required -- the Hotmail account appeared and the mailbox was available. However, access failed later in the day.
The breach, reportedly the result of a bug, allowed CNN Interactive to open all accounts it tested. But e-mail messages couldn't always be opened. The bug first was reported in the Swedish newspaper Expressen's Monday editions.
The breach allowed users to read and forward a member's old messages, read new messages and send e-mail in some cases under the name of the user -- assuming the member's identity.
Hotmail boasts 40 million subscribers. The site was down for a short time, but returned early Monday afternoon.
Shortly after CNN Interactive posted the story, one of the sites, based in Stockholm, Sweden, was changed to a simple message, "Microsoft rules." Shortly after that, the URL redirected the user to a site for a new Web company. Later, it redirected users to a Microsoft security screen or returned an error message.
Other sites - situated all over the world but all using the same Hotmail gateway program -- first provided access without a password but later returned "Forbidden" messages.
A morning telephone call made to the public relations firm that handles Microsoft's publicity was referred to Microsoft's main number in Redmond, Washington.
That call was forwarded by an operator to Microsoft's Corporate Security Desk. "You should send that to firstname.lastname@example.org. " said Greg Betcher, at that desk.
Erik Barkel, of Stockholm, Sweden, was listed in the domain name directory Internic as the administrator for the Swedish Web site's domain, but a call to his number did not go through.
Microsoft spokesman Adam Sohn said he was unaware of the reported bug. "I have no idea," Sohn said.
Federal agency recruits hacker teens
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.