Microsoft fixes Hotmail security flaw

Software giant said it's "working hard" to protect email accounts from password resetting hackers.

Password protection

Software giant Microsoft has reportedly plugged a security hole in its Hotmail email service, which allowed hackers to access accounts and reset passwords.

The problem was made public by researchers at Vulnerability Labs last week in a post on its website, which contained details of how hackers have exploited the flaw.

"[It allows] attackers to reset the Hotmail/MSN password with attacker chosen values," said the post. "Remote attackers can bypass the password recovery service [and token-based protections] to setup a new password."

If successful, hackers are then able to gain unauthorised access to Hotmail and MSN accounts, it added.

It is not know how many of the 350 million Hotmail users from across the globe had been targeted by the scam. However, it has been claimed that Moroccan hackers had been planning to use the flaw to reset the accounts of up to 13 million users.

Hackers aren't interested in breaking into email accounts because they want to read your spam. They want to steal your identity.

Moreover, a report on Sophos' Naked Security blog claims videos detailing how to exploit the flaw had been circulating on YouTube for some time.

"Hackers aren't just interested in breaking into email accounts out of curiousity or because they want to read your spam," said Graham Cluley, senior technology consultant at Sophos, in the blog post.

"No, they're also interested in stealing your identity and perhaps using an email account hack as a method to crowbar their way into other online accounts under your control."

When contacted for comment, a Microsoft spokesperson told IT Pro: "Hotmail engineering teams are working hard on not only protecting accounts, but also on recover[ing] them."

They also revealed the firm has launched a new, "streamlined" recovery tool to help affected users regain access to their accounts.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Hotmail.co.uk migration to Outlook.com: Qs answered
Software

Hotmail.co.uk migration to Outlook.com: Qs answered

11 Nov 2019
Hotmail.co.uk migration to Outlook.com: Qs answered
Software

Hotmail.co.uk migration to Outlook.com: Qs answered

11 Nov 2019
Lookout reveals mobile-first endpoint detection and response solution
Security

Lookout reveals mobile-first endpoint detection and response solution

21 Oct 2020
Cisco finds an increase in security concerns due to remote working
Security

Cisco finds an increase in security concerns due to remote working

21 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020