Microsoft fixes Hotmail security flaw

Software giant said it's "working hard" to protect email accounts from password resetting hackers.

Password protection

Software giant Microsoft has reportedly plugged a security hole in its Hotmail email service, which allowed hackers to access accounts and reset passwords.

The problem was made public by researchers at Vulnerability Labs last week in a post on its website, which contained details of how hackers have exploited the flaw.

"[It allows] attackers to reset the Hotmail/MSN password with attacker chosen values," said the post. "Remote attackers can bypass the password recovery service [and token-based protections] to setup a new password."

If successful, hackers are then able to gain unauthorised access to Hotmail and MSN accounts, it added.

It is not know how many of the 350 million Hotmail users from across the globe had been targeted by the scam. However, it has been claimed that Moroccan hackers had been planning to use the flaw to reset the accounts of up to 13 million users.

Hackers aren't interested in breaking into email accounts because they want to read your spam. They want to steal your identity.

Moreover, a report on Sophos' Naked Security blog claims videos detailing how to exploit the flaw had been circulating on YouTube for some time.

"Hackers aren't just interested in breaking into email accounts out of curiousity or because they want to read your spam," said Graham Cluley, senior technology consultant at Sophos, in the blog post.

"No, they're also interested in stealing your identity and perhaps using an email account hack as a method to crowbar their way into other online accounts under your control."

When contacted for comment, a Microsoft spokesperson told IT Pro: "Hotmail engineering teams are working hard on not only protecting accounts, but also on recover[ing] them."

They also revealed the firm has launched a new, "streamlined" recovery tool to help affected users regain access to their accounts.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Biden nominees highlight tough cyber security challenges
cyber security

Biden nominees highlight tough cyber security challenges

20 Jan 2021
Report: Security staff excluded from app development
cyber security

Report: Security staff excluded from app development

20 Jan 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

20 Jan 2021
SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021

Most Popular

Citrix buys Slack competitor Wrike in record $2.25bn deal
collaboration

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
SolarWinds hackers hit Malwarebytes through Microsoft exploit
hacking

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021