Tuesday, August 31, 1999 Published at 17:07 GMT 18:07 UK
Hackers hit Hotmail
Hotmail: Hacked home to 40 million e-mail accounts
Microsoft has launched an investigation after a security breach gave hackers access to personal e-mail accounts on its free Hotmail service - claimed by the software giant to be the Internet's biggest.
Lasse Ljung, an 18-year old from the Swedish city of Gothenburg, said that a group of eight programmers had hacked the Hotmail site to draw attention to what they say is Microsoft's spotty security reputation.
But, he said, "that was the way they wanted to show the world how bad security was".
Two-hour down time
The service was closed for more than two hours while computer experts worked to fix a problem which will be a major embarrassment to Microsoft.
But Mr Ljung said that as Microsoft had only fixed one server a similar breach of security could happen again.
The incident is being described by Internet analysts as a catastrophic security flaw.
The "hole" in Hotmail's security meant that full access to any Hotmail account could be gained simply by entering a special Web address (URL) containing the account holder's name. Once accessed, e-mail could be read and sent.
Microsoft has posted an apology and says its engineers have solved the problem.
"The security of our system is paramount and it was necessary to shut down Hotmail for a short period to stop this difficulty. We will be looking at how the information which created this problem was made public."
The software giant said the service was back up and running after a two-hour delay.
"As soon as we were notified, we got our developers and testers on it, and we were able to determine a fix," said Deanna Sanford of MSN marketing, Microsoft's Internet division.
'Up and running'
"The good news is the Hotmail servers are back up and running now and the issue has been resolved," Ms Sanford said.
However reports in some newspapers, including the Swedish-based Expressen which broke the story, say some of the websites that carried the URL were dated as long ago as June 1998. Websites claiming to detail various ways in which breach Hotmail's security have been available on the Net for at least this long.
Correspondents say the breach of security over Hotmail will be seen as a blow for Microsoft, headed by billionaire Bill Gates.
This is the most recent of a number of security glitches to be uncovered. Microsoft's Internet Explorer and Office products as well as its instant messaging service have also been found to be flawed.
Microsoft's position as the world's leading software provider ensures that its products are subject to intense scrutiny.