IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Microsoft fixes Hotmail security flaw

Software giant said it's "working hard" to protect email accounts from password resetting hackers.

Password protection

Software giant Microsoft has reportedly plugged a security hole in its Hotmail email service, which allowed hackers to access accounts and reset passwords.

The problem was made public by researchers at Vulnerability Labs last week in a post on its website, which contained details of how hackers have exploited the flaw.

"[It allows] attackers to reset the Hotmail/MSN password with attacker chosen values," said the post. "Remote attackers can bypass the password recovery service [and token-based protections] to setup a new password."

If successful, hackers are then able to gain unauthorised access to Hotmail and MSN accounts, it added.

It is not know how many of the 350 million Hotmail users from across the globe had been targeted by the scam. However, it has been claimed that Moroccan hackers had been planning to use the flaw to reset the accounts of up to 13 million users.

Hackers aren't interested in breaking into email accounts because they want to read your spam. They want to steal your identity.

Moreover, a report on Sophos' Naked Security blog claims videos detailing how to exploit the flaw had been circulating on YouTube for some time.

"Hackers aren't just interested in breaking into email accounts out of curiousity or because they want to read your spam," said Graham Cluley, senior technology consultant at Sophos, in the blog post.

"No, they're also interested in stealing your identity and perhaps using an email account hack as a method to crowbar their way into other online accounts under your control."

When contacted for comment, a Microsoft spokesperson told IT Pro: "Hotmail engineering teams are working hard on not only protecting accounts, but also on recover[ing] them."

They also revealed the firm has launched a new, "streamlined" recovery tool to help affected users regain access to their accounts.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

The IT Pro Products of the Year 2021: The year’s best hardware and software
Hardware

The IT Pro Products of the Year 2021: The year’s best hardware and software

31 Dec 2021
Sophos Intercept X Advanced review: AI-powered protection
endpoint security

Sophos Intercept X Advanced review: AI-powered protection

30 Nov 2021
Eight steps to fight ransomware
Whitepaper

Eight steps to fight ransomware

28 Sep 2021
The state of ransomware in retail 2021
Whitepaper

The state of ransomware in retail 2021

23 Aug 2021

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
Electrical explosion reported at Google's Iowa data centre
data centres

Electrical explosion reported at Google's Iowa data centre

9 Aug 2022