Password reset flaw could hand over control of email account to hackers
Microsoft has rushed out a fix to combat a bug in the password security of its Hotmail email platform.
The bug allowed hackers to reset the password for the accounts of unsuspecting Hotmail users, thereby taking over control of the account.
Details of the bug emerged in early April, the BBC reports, and Microsoft was made aware shortly after that. The bug involved the process of resetting a Hotmail password, reports said.
The BBC added that add-ons available for the open source Firefox browser let hackers take control of the data that was passing between the user and Hotmail’s servers, giving them control of the account.
News of the exploit quickly spread online and hackers were offering to access Hotmail accounts for as little as $20 a time, according to reports. A "how-to" video even appeared on YouTube, offering a guide to hacking Hotmail accounts.
It has not been confirmed exactly how many accounts were compromised, but Sophos has claimed that Moroccan hackers "were actively taking advantage of the vulnerability and planned to reset the passwords of a list of 13 million Hotmail users in their possession."
Microsoft released a short and sweet statement on the matter, saying it was resolved: "On Friday, we addressed an incident with password reset functionality; there is no action for customers, as they are protected," the company claimed.