Microsoft says it has fixed a serious vulnerability in Hotmail, that was allowing hackers to reset account passwords, locking out the account’s real owner and giving attackers access to users’ inboxes.
News of the critical bug spread rapidly across underground hacking forums, and Whitec0de reported earlier this week that hackers were offering to break into any Hotmail account for as little as $20.
It appears that the vulnerability existed in Hotmail’s password reset feature. Hackers were able to use a Firefox add-on called Tamper Data to bypass the normal protections put in place to protect Hotmail accounts.
According to some reports, Moroccan hackers were actively taking advantage of the vulnerability and planned to reset the passwords of a list of 13 million Hotmail users in their possession.
Numerous videos, many…
Read more in my article on the Naked Security website.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.