No. He fell for a phishing attempt, and logged onto a fake site, after being told his account would be closed if he didn't.

It's a common scam.

My 75-year old father-in-law naively responded to a phishing email purporting to be from Hotmail Customer Care requesting his account information in order to avoid having his a/c closed down as inactive.

The scammers then locked him out of the a/c and proceeded to send begging letters to his contact list at the maximum limited rate of 50 per 24 hours.

I saw the IP address of the begging letters was registered in Nigeria. After some difficulty, I was able to track down Windows Live Help who asked 16 questions in order to determine the rightful "owner" of the email address including, crucially, the IP addresses of the locations my f-i-l had accessed his Hotmail account in the past.

At the same time I contacted the scammers to arrange a money transfer and was given instructions for to make a Western Union transfer to a WU office Hounslow, London, ironically 5 minutes walk from Hounslow's main police station. An email to the police station prompted no reply.

Kudos to Windows Live Help; they sent a password reset instruction and we were able to lock out the scammers and retake control of the email account.

A similar hijack occurred to Jack Straw MP.

I recently listened to some radio doco about poor out of work GM workers. The one bloke was a line worker earning over $100k per year. On the global market he's only worth $20k or less per year, so why should he be paid 5x the going rate just because he lives in USA and produces crap cars with union protection?

Is that what you want the anti-outsourcers want the IT industry to look like?

I agree with you that the suggestion in the Reg article that "weak passwords" were the likely source of attack is actually much less likely than that Aiyar was phished. However, I disagree on the likely phishing method...

According to the linked Times of India article, it was Aiyar's personal Hotmail account at the heart of this story. Hotmail users are currently extremely heavily (if not almost exclusively) phished in the manner described in one of the Anonymous Coward comments about the father-in-law. That is, by Emails that purport to be from Hotmail admin staff and that ask their potential victims to reply to the Email with their username and password (and occasionally with other PI info), on threat that refusal will result in the account being cancelled.

Aside from being a security professional who sees this stuff every day, I've received very similar scam Emails from a friend-of-a-friend's Hotmail address which got phished just this way.

I said that the "Times of India" article said it was Aiyar's personal Hotmail account that was "hacked". I meant the "Indian Express" article...

And how is this different than Sarah Palin or Jack Straw having their accounts compromised? Wouldn't that mean that Americans and British people are also not very secure?

I would think that this makes a point about the kind of people we get as politicians all over the world.