Hotmail users feeling burned

Users aren't amused at Microsoft's Hotmail security breach.
Written by Lisa M. Bowman, Contributor

Warnings of corporate espionage and admonitions that "you get what you pay for" spread across the Internet as users learned of a major security hole in Hotmail that could let anyone spy on their accounts.

Microsoft fixed the glitch Monday morning, but it's unclear how many of Hotmail's 40 million to 50 million users were affected, or for how long. Hotmail is a free email service Microsoft bought in December 1997 that lets users check messages from multiple locations and accounts via a Web browser.

The glitch allowed visitors at certain Web sites to enter a user's Hotmail account with only a user name. They could then read, delete and send email from the Hotmail account without ever entering a password. Some people who discovered those Web sites worked quickly to snoop on friends and co-workers.

"Microsoft finally closed this hole, but not before everybody at my company was finished with each other's inbox," someone called "Ender" wrote in a posting to the ZDNet Talkback section. "Very interesting reading, including at least one individual who was finalising his interviews with a competitor's company."

Another reader noted that many people forward their business email accounts to their Hotmail address, so they can read it on the road. "I wonder how much this security breach will mean in terms of industrial espionage," the reader, who used the name PR, said in the Talkback section. Others cautioned that because Hotmail is free, users shouldn't expect too much. But some were just plain mad, and expressed their frustration through using naughty word symbols. "I'm so appalled; my *#($( email is on Hotmail and I cannot BELIEVE they haven't fixed this yet," wrote one person in an email to ZDNet.

Still, many people weren't aware of the problem as late as Monday afternoon. It's likely that stories of the fallout will circulate in the coming days. After all, those who took advantage of the glitch could've wreaked havoc on an unsuspecting Hotmail user's account -- by sending out or spying on messages containing private passwords, secret business plans, or salacious love letters.

"If you have or know someone who has a Hotmail account then they'd better worry a little," wrote Ridwan Hughes in a posting on the Deja.com newsgroup site.

Hotmail support workers said users will be able to tell if their account has been infiltrated by looking to see if unread messages have been marked as read, and by looking in the trash to see if others have been tossed out.

Editorial standards