It wasn't until the lines of code appeared in Expressen that people realized how vulnerable Hotmail really was. The utility allowed anybody who wanted to create a Web page that would allow them to log into any Hotmail account. Once the word was out, dozens of pages such as this one were created to take advantage of the security hole. Unfortunate programmers at Microsoft, which owns Hotmail, were rousted out of bed at 2 AM Pacific time to address the problem. By 9 AM Hotmail was offline. Sometime yesterday afternoon hackers reported that the security breach had briefly re-opened, but by the end of the day it had been closed for good, according to a statement posted by Hotmail on its site.
How Bad Was the Hotmail Disaster?
"For those who use the web-based HotMail free e-mail service, the following code will save you several minutes each day." With these innocent words, posted to the newsgroup comp.lang.javascript on January 4, a well-meaning computer programmer is believed to have set in motion the worst privacy disaster in the short history of the Internet. Yesterday a Swedish newspaper called Expressen published the programmer's work, a simple utility designed to save time by allowing Hotmail users to circumvent that pesky password verification process when logging into their accounts. The result? As many as 50 million Hotmail accounts were made fully accessible to the public. Now that the damage has been done, what have we learned?