Microsoft rushes out a password bugfix for Hotmail

Microsoft has today fixed a password bug in its Hotmail email service that let a hacker gain access to an account and change the user's password, thus not only locking the user out of their account, but potentially stealing sensitive data.

“Microsoft says it has fixed a serious vulnerability in Hotmail, that was allowing hackers to reset account passwords, locking out the account’s real owner and giving attackers access to users’ inboxes.

News of the critical bug spread rapidly across underground hacking forums, and Whitec0de reported earlier this week that hackers were offering to break into any Hotmail account for as little as $20.

It appears that the vulnerability existed in Hotmail’s password reset feature. Hackers were able to use a Firefox add-on called Tamper Data to bypass the normal protections put in place to protect Hotmail accounts.”

Read the full article at the NakedSecurity blog from Sophos.