Feeds

back to article Microsoft squashes Hotmail password hijack bug

Microsoft has smacked down a Hotmail bug that allowed hackers to lock users out of their own accounts. Redmond took one day to slap down a glitch that allowed anyone with a Firefox add-on to remotely reset the password of a Hotmail account. The Tamper Data add-on allowed hackers to siphon off the outgoing HTTP request from the …

COMMENTS

This topic is closed for new posts.
Joke

At Least It Is Not Communism

..so never mind. Thunk if it happened on these nasty Linux machines !!!!

2
3
Silver badge

Re: At Least It Is Not Communism

Commentard trapped in 1998, Seeks donations of wit

Please give generously.

11
3
Ogi
Meh

So what about those of us that got locked out?

I got locked out of my own hotmail account a few months ago, and many many attempts to get MS to reset the password were fruitless.

They kept telling me that it was my fault for having a weak password, that there was nothing wrong with their security, that someone must have seen me type it in, etc....

Plus they didn't want to reset it because I did not know the new secret word/sentence that the attacker set.

After loads of hassle I gave up (I only really had the account for historic reasons and msn, due to some people still using it), but for those who still used MS for their main account must have had a lot of problems.

So now that it turns out it was a bug, will MS finally start agreeing to reset accounts? Ideally an apology would be nice as well, but I don't think that will happen.

I wonder how long this bug has been known about... I used to remember people telling me about their hotmail getting hacked (even years ago, before gmail for example), but never knew how it was done.

4
1
Bronze badge
Terminator

Re: So what about those of us that got locked out?

You're pretty much S.O.L.

The previous wave of Hotmail break-ins had the side-effect of killing off community forums because the forum owner couldn't connect with his or her hotmail account. No help from Microsoft then, either.

2
1
Ogi
Linux

Re: So what about those of us that got locked out?

Wow that sucks... thankfully I don't really use the account anymore (the account was from 2002, so already quite old), I kept it around for the history.

Thankfully I moved away from relying on MS a long long time ago, so this doesn't affect me much, but it must really suck for those who actually use it. Perhaps this will finally push the rest of my friends off MS :)

2
2
FAIL

Bummer! Yahoo! Can't! Do! The! Same! With! Their! Yahoo! Mail!

The same thing has been happening with Yahoo accounts being hacked and passwords being reset. Recently started receiving spam from friends on Yahoo too like I was from people on Hotmail. In fact my hotmail fell victim to this too.

Great to see M$ finally solved it a year later.

1
4
Bronze badge
Windows

Too late

These hacked Hotmail accounts are being used to create spam for sleazy web sites. It's unflattering and non-stop so my guess is that its not spam, but a vengeful attempt to create a flood of complaints against the advertised web sites. Whatever it is, I had to blacklist Microsoft's 65.52.0.0/14 this morning.

1
1
Anonymous Coward

What's not ben mentioned

is how these Windows Live accounts can also be used to empty Xbox360 accounts.

Microsoft are being VERY quiet on that, after making such a noise about Sony's trouble (that resulted in nothing real being actually taken)

1
1
Silver badge
Stop

Re: What's not ben mentioned

Microsoft are being VERY quiet on that

After Sophos proved it was impossible, I expect they felt little need to comment.

Nice try, Barry.

2
1
Anonymous Coward

Send reset email to Hotmail account

Once had a problem resetting the password on a Hotmail account.

Hotmail insisted on sending the password reset link to the same account, to which I'd forgotten the password to!

1
1
Meh

Like many others who've been around (digitally) for a while,

I once had a Hotmail account. Fortunately, I long ago discovered that there exist alternatives....

Henri

0
1
This topic is closed for new posts.