Hotmail accounts left vulnerable due to a programming bug
25. May 2011
Microsoft stands out among the Fortune 500 companies because of its outstanding history and intrinsic value. Microsoft Corporation, which started from scratch 35 years ago, has one of the biggest cash reserves and one of the best teams of computer engineers at its disposal. But it turns out that even this large army of computer experts did not stop the company from deploying a bug on its website, which, according to a report from a security vendor, helped hackers access the Hotmail accounts of a large number of users.
The report, which was commissioned by the security vendor Trend Micro, said that the company's website had a programming glitch, a common but dangerous bug known as a cross-site scripting error, which was not fixed by the Microsoft staff for at least a week. The bug not only allowed the hackers to access the email IDs of thousands of Hotmail users but also gave them insight into those users' contact lists.
This all started with a person from Taiwan getting a Chinese-language email which claimed that thousands of Hotmail email IDs were being hacked from an obscure location. The message looked like a Facebook alert, but it was actually a malicious message containing a hidden script that also allowed the hackers to gain access to the email accounts of the people to whom this email was forwarded. The hackers could access the mail only if the users were logged in to their email accounts, but they could view the emails even when the unsuspecting victim merely opened the forwarded mail.
According to Trend Micro, even though this bug was first discovered on May 12, the problem was not fixed by the company until Friday, May 20. This one-week window led to the hacking of around 3000 email addresses, which means that Hotmail may potentially lose its piece of the email consumer market.