Hotmail users may have recently been left locked out of their email accounts, after hackers learnt to exploit a loophole that enabled them to remotely change the passwords on many accounts.
The threat was initially thought to be minor, until individuals began to exploit it frequently, with some even offering to ‘break in’ to a Hotmail account for $20 (£12). The hacker would exploit the flaw in the Hotmail website, enabling them to change the account password without the owner’s knowledge, thus giving them full control of an email account.
Websites began to spring up, offering the hack as a service, presumably for those who wish to snoop through others’ email accounts. Video tutorials even started to appear on YouTube.
The attack changes an account password by interfering with the process that runs when a user genuinely wants to change their email account password on the Hotmail website. Data passes between the Hotmail website and the user’s PC, and it’s here that the hacker can intercept it and gain access to the account, using an add-on for the Firefox web browser.
Researchers discovered the problem earlier this month and reported it to Microsoft, which raises the question: why wasn’t it fixed sooner?
Thankfully, Microsoft has issued a quick fix for the problem, restoring the safety of users’ accounts. It’s not something you have to download or install yourself; rather, Microsoft updated the Hotmail website so that it now returns an error message when the exploit is attempted.
It’s currently not known just how many Hotmail and Live email users have been affected, although with the service being the largest web email provider with over 350 million users, the numbers could get pretty high. Hotmail users, perhaps it’s time to try out Gmail?