Microsoft has been swift to work on a fix for the Hotmail password bug which, if left untreated, would have enabled a hacker to reset the password for a Hotmail account, locking out the account's owner in the process while giving the attacker full access to the Inbox. The fix was rushed out because the bug had become a genuine threat and was recently being actively exploited online. In fact, a security news site reported that several hackers offered to hack Hotmail accounts for a mere pittance, to the tune of $20 (£12).
The bug stemmed from the way Hotmail handles the data that travels back and forth whenever a user wants to reset their password. As details of the bug hit the Internet, attackers began working out for themselves how to abuse it. Using add-on tools for the Firefox browser, hackers figured out that they could manipulate the data passed between a user and the Hotmail servers in a manner that also gave them control over a particular account. With Hotmail having around 350 million users, it was prudent for Microsoft to issue a fix for this password bug at such speed.