Microsoft rushes fix after hackers compromise Hotmail accounts

Microsoft rushed to fix a major vulnerability in its Hotmail email service that had allowed hackers to reset account passwords and lock out the account's real owners. News of the critical bug spread among hackers, such that they offered to break into Hotmail accounts for as little as $20, computer security firm Sophos said. "It appears that the vulnerability existed in Hotmail's password reset feature. Hackers were able to use a Firefox add-on called Tamper Data to bypass the normal protections put in place to protect Hotmail accounts," Sophos said in a blog post. Also, it cited reports that Moroccan hackers were actively exploiting the situation and planned to reset the passwords of 13 million Hotmail users. Worse, several videos in Arabic were posted on YouTube showing how the flaw could be exploited. Sophos theorized the hackers aimed to steal Hotmail users' identities and access other online accounts of the victims. "What isn't known is just how many of Hotmail's 350 million users might have been impacted by the serious security vulnerability – Microsoft certainly isn't saying," it said. — LBG, GMA News