A potential Hotmail exploit has come to light recently. The exploit targets a critical vulnerability in the password reset function of a Hotmail account, as well as in how the email service handles user data while communicating with the server.
Unfortunately, as soon as the bug surfaced on the Internet, underground hacking groups were offering to hack email accounts for $20.
The exploit was first discovered by a hacker in Saudi Arabia, who is also a member of the reputed security forum Dev-Point.com, according to whitec0de.
The Internet was abuzz with talk of email accounts being hacked by members of the hacking forum within minutes of the exploit being leaked. Several Hotmail users also lost money, as hackers looted linked PayPal and Liberty Reserve accounts. Others lost access to Facebook and Twitter accounts, and even obsolete two-letter and three-letter accounts like firstname.lastname@example.org and email@example.com were not spared.
The exploit involves a Firefox add-on named Tamper Data, which allows the hacker to intercept the outgoing HTTP request from the browser in real time and modify the data. For discerning Hotmail users, numerous YouTube videos demonstrate the working of the hack in real time to help prevent it.
Microsoft finally found a way to fix the bug and updated Hotmail to close the loophole. According to the BBC, the new update prompts the Hotmail servers to return an error when attackers try to manipulate data exchanges, and users are being assured that no further action is necessary.
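The general defence behind "return an error when the exchange is manipulated" can be sketched as follows. This is an added example, not Microsoft's fix or code from the article; the function names, field names and addresses are hypothetical, and it assumes the server binds each reset token to one account with an HMAC and treats every submitted field as untrusted.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: server-side secret, never sent to the client
TOKEN_TTL = 900                       # token lifetime in seconds (constructed value)


def _mac(account, expires, nonce):
    # The MAC covers the account name, so a token cannot be reused for another account.
    msg = f"{account.lower()}|{expires}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_reset_token(account, now=None):
    """Issue a token bound to one account and an expiry time."""
    expires = int((time.time() if now is None else now) + TOKEN_TTL)
    nonce = secrets.token_hex(8)
    return f"{expires}.{nonce}.{_mac(account, expires, nonce)}"


def handle_reset(form, now=None):
    """Validate a submitted reset form; returns (status, reason)."""
    now = time.time() if now is None else now
    try:
        account = str(form["account"])
        expires_s, nonce, mac = str(form["token"]).split(".")
        expires = int(expires_s)
    except (KeyError, ValueError):
        return 400, "malformed request"
    expected = _mac(account, expires, nonce)
    # Constant-time comparison; any field edited in transit changes the expected MAC.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return 403, "token does not match account"
    if now > expires:
        return 403, "token expired"
    # Single-use tracking of the nonce is omitted here for brevity.
    return 200, "reset allowed"


# Constructed sample: a legitimate form, and the same form with the account field altered
token = issue_reset_token("alice@example.test")
legit = {"account": "alice@example.test", "token": token}
tampered = {"account": "bob@example.test", "token": token}

if __name__ == "__main__":
    print(handle_reset(legit), handle_reset(tampered))
```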
However, it is as yet unclear how many Hotmail accounts were hacked by attackers exploiting the bug. Nevertheless, victimised users will know once they find they are locked out of their Hotmail account.