Security hole knocks Microsoft's Hotmail offline

Hotmail, Microsoft's free e-mail service, was knocked offline for a short while Wednesday after malicious hackers discovered a security loophole that made it possible to read Hotmail customers' e-mail, Microsoft has confirmed.

"Information was made public by a hacker that could put MSN (Microsoft Network) Hotmail users at risk," a spokeswoman for Microsoft confirmed. "We've worked quickly to implement a fix on all the Hotmail servers."

The Hotmail service was taken offline for "less than an hour" this morning while the fix was implemented, said the spokeswoman, who didn't want to be identified. Hotmail's servers have since been secured against the attack, and Microsoft isn't aware of any users who were affected, she added.

The security loophole was exploited by sending a Hotmail user an e-mail message that contained a particular HTML (hypertext markup language) attachment. When the user opened the attached file, a program was launched which intercepted their Hotmail cookie and e-mailed it back to the hacker.

"Since the cookies are used for authentication, whoever receives them can then log into Hotmail as that user," and read that person's e-mail, according to Peacefire.org, a company that monitors bugs and which posted a description of the Hotmail flaw on its Web site.

Any Web-based e-mail service that uses cookies and accepts e-mail messages containing JavaScript could be vulnerable to the attack, the spokeswoman for Microsoft said. Hotmail has fixed the problem, and users don't need to take any action to protect their e-mail from the attack, she added.

Hotmail is encouraging users not to open attachments from people they don't know and trust, the spokeswoman for Microsoft said.

Security experts issued similar warnings last week when the "I Love You" computer virus emerged. While that virus was very different from the Hotmail security flaw, both are triggered when a user opens an e-mail attachment.

Join the newsletter!

Error: Please check your email address.

More about MicrosoftMSN

Show Comments

Market Place