ad info


CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH
 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz
  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet
 DISCUSSION:
 message boards
 chat
 feedback
 SITE GUIDES:
 help
 contents
 search
 FASTER ACCESS:
 europe
 japan
 WEB SERVICES:
Computing

Hotmail security hole opens door to millions of e-mail accounts
mail
On this screen, one of the sites that could be used as a gateway, users were able to enter any Hotmail user name to access the account.
mail account
Once the username was entered, anyone could send, read and forward e-mail from that account. Hotmail has over 40 million subscribers.  
 

August 30, 1999
Web posted at: 12:40 p.m. EDT (1640 GMT)

By Robin Lloyd
CNN Interactive Senior Writer

(CNN) -- Millions of free Internet e-mail accounts provided by Microsoft's Hotmail service were vulnerable to a major security breach that allowed access Monday to users' accounts.

The breach worked via several Web addresses, which prompted for a Hotmail username. Once a username was entered -- no password required -- the Hotmail account appeared and the mailbox was available. However, access failed later in the day.

The breach, reportedly the result of a bug, allowed CNN Interactive to open all accounts it tested. But e-mail messages couldn't always be opened. The bug first was reported in the Swedish newspaper Expressen's Monday editions.

The breach allowed users to read and forward a member's old messages, read new messages and send e-mail in some cases under the name of the user -- assuming the member's identity.

Hotmail boasts 40 million subscribers. The site was down for a short time, but returned early Monday afternoon.

Shortly after CNN Interactive posted the story, one of the sites, based in Stockholm, Sweden, was changed to a simple message, "Microsoft rules." Shortly after that, the URL redirected the user to a site for a new Web company. Later, it redirected users to a Microsoft security screen or returned an error message.

Other sites - situated all over the world but all using the same Hotmail gateway program -- first provided access without a password but later returned "Forbidden" messages.

A morning telephone call made to the public relations firm that handles Microsoft's publicity was referred to Microsoft's main number in Redmond, Washington.

That call was forwarded by an operator to Microsoft's Corporate Security Desk. "You should send that to abuse@hotmail.com. " said Greg Betcher, at that desk.

Erik Barkel, of Stockholm, Sweden, was listed in the domain name directory Internic as the administrator for the Swedish Web site's domain, but a call to his number did not go through.

Microsoft spokesman Adam Sohn said he was unaware of the reported bug. "I have no idea," Sohn said.

SPECIAL SECTION:
Insurgency on the Internet
RELATED STORIES:
Federal agency recruits hacker teens
August 26, 1999
Anti-gay site goes back to rightful owners
August 23, 1999
Hackers, IT consultants embrace free security tool
August 13, 1999
Hacking group reveals IP-security glitch
August 13, 1999
Hacking your way to an IT career
August 13, 1999
Microsoft says "crack this!"
August 6, 1999
RELATED SITES:
Microsoft
Hotmail
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
 LATEST HEADLINES:
SEARCH CNN.com
Enter keyword(s)   go    help
Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.