Microsoft Plugs Hotmail Hole

Welcome Guest. | Log In| Register | Membership Benefits

August 30, 1999 (12:59 PM EDT)

By Malcolm Maclachlan,

Microsoft's Hotmail free e-mail service went back up around 10 a.m. PST Monday, after the company took it down for about an hour to deal with a major security breach.

The problem involved a website that posted an HTML script, which could be used to access accounts by typing in a user name. Once inside, someone using the script could read, erase, or send mail from the account.

Even if a user was currently using their account, an intruder would have been able to read messages but not send and erase them.

Hotmail has more than 40 million users who access their accounts by typing a user name and password into a Web page.

Microsoft has fixed the system so the script will no longer be able to access accounts, said Microsoft spokeswoman Luana Hancock.

The company learned about the breach early Monday morning from the European media and immediately took the Hotmail site down, Hancock said.

"We determined that it was possible for a hacker with very specific knowledge of advanced Web development languages to gain access to accounts," he said.

However, while identifying and posting the HTML code may have been the work of an advanced hacker, the breach caused a great deal of concern among Web users because the simple script posted on the site would have allowed anyone with access to the Web to break into Hotmail accounts, Hancock said.

There are no reports of any other Web-based e-mail services being affected.