Microsoft fixes HotMail bug - 30 Aug 1999

Microsoft Corporation has fixed a bug in its free HotMail service that allowed hackers to gain access to any user accounts using a simple Web address. The fix required the HotMail system to be pulled offline for a few hours Monday, temporarily taking away email access for the service's 45 million users.

"Once we were notified [of the problem,] we began investigating," a Microsoft spokesperson said Monday. "We found it was possible for a malicious hacker to gain access to the Hotmail servers through specific knowledge of advanced Web development languages. We turned off the servers in the interest of security and user privacy. We have now resolved the issue, and all Hotmail servers are restored."

The HotMail bug--which is sure to raise anew problems with security on the Internet--is particularly troublesome because of the ease in which anyone could gain access to other people's email accounts. Contrary to comments by the company about "advanced Web development languages," taking advantage of the bug required only a basic understanding of how browser URL addresses work. Using the proper simple text string, typed into the Address bar of any Web browser, it was possible to access address books, read, send, and delete mail, or do anything else that a legitimate HotMail user would do