Hotmail, Microsoft's free e-mail service, was knocked offline for a short while Wednesday after malicious hackers discovered a security loophole that made it possible to read Hotmail customers' e-mail, Microsoft has confirmed.
"Information was made public by a hacker that could put MSN (Microsoft Network) Hotmail users at risk," a spokeswoman for Microsoft confirmed. "We've worked quickly to implement a fix on all the Hotmail servers."
The Hotmail service was taken offline for "less than an hour" this morning while the fix was implemented, said the spokeswoman, who didn't want to be identified. Hotmail's servers have since been secured against the attack, and Microsoft isn't aware of any users who were affected, she added.
The security loophole was exploited by sending a Hotmail user an e-mail message that contained a particular HTML (hypertext markup language) attachment. When the user opened the attached file, a program was launched which intercepted their Hotmail cookie and e-mailed it back to the hacker.
"Since the cookies are used for authentication, whoever receives them can then log into Hotmail as that user," and read that person's e-mail, according to Peacefire.org, a company that monitors bugs and which posted a description of the Hotmail flaw on its Web site.
Hotmail is encouraging users not to open attachments from people they don't know and trust, the spokeswoman for Microsoft said.
Security experts issued similar warnings last week when the "I Love You" computer virus emerged. While that virus was very different from the Hotmail security flaw, both are triggered when a user opens an e-mail attachment.