Europe South Asia Asia Pacific Americas Middle East Africa BBC Homepage World Service Education



Front Page

World

UK

UK Politics

Business

Sci/Tech

Health

Education

Sport

Entertainment

Talking Point

In Depth

On Air

Archive
Feedback
Low Graphics
Help

Tuesday, August 31, 1999 Published at 17:07 GMT 18:07 UK


Sci/Tech

Hackers hit Hotmail

Hotmail: Hacked home to 40 million e-mail accounts

Microsoft has launched an investigation after a security breach gave hackers access to personal e-mail accounts on its free Hotmail service - claimed by the software giant to be the Internet's biggest.


The BBC's Carole Jones: "Microsoft were forced to shut down the system"
A previously unknown group known as Hackers Unite has claimed responsibility, the US online magazine Wired reports.

Lasse Ljung, an 18-year old from the Swedish city of Gothenburg, said that a group of eight programmers had hacked the Hotmail site to draw attention to what they say is Microsoft's spotty security reputation.


Lasse Ljung, claiming to speak for the hackers: "This is going to happen again"
Mr Ljung, claiming to speak for the group, admitted to the BBC that it did not act responsibly in publicising the access code on the Internet.

But, he said, "that was the way they wanted to show the world how bad security was".

Two-hour down time

The service was closed for more than two hours while computer experts worked to fix a problem which will be a major embarrassment to Microsoft.


Microsoft UK company director Judy Gibbons: "We responded quickly"
They wrote new code to kill a bug that allowed access to Hotmail's 40 million accounts without using the passwords designed to guarantee confidentiality.

But Mr Ljung said that as Microsoft had only fixed one server a similar breach of security could happen again.

The incident is being described by Internet analysts as a catastrophic security flaw.

The "hole" in Hotmail's security meant that full access to any Hotmail account could be gained simply by entering a special Web address (URL) containing the account holder's name. Once accessed, e-mail could be read and sent.

Details of the URL were first posted on a website in Sweden and quickly copied to a number of other websites in the UK and US. Information on how to use the URL was also posted.

Microsoft has posted an apology and says its engineers have solved the problem.

Security paramount


[ image:  ]
Microsoft spokeswoman Erin Brewer said: "Immediately we were informed of this problem we took down the Hotmail servers to ensure that our customers' privacy was not compromised.

"The security of our system is paramount and it was necessary to shut down Hotmail for a short period to stop this difficulty. We will be looking at how the information which created this problem was made public."

The software giant said the service was back up and running after a two-hour delay.

"As soon as we were notified, we got our developers and testers on it, and we were able to determine a fix," said Deanna Sanford of MSN marketing, Microsoft's Internet division.

'Up and running'

"The good news is the Hotmail servers are back up and running now and the issue has been resolved," Ms Sanford said.


[ image: Gates: Further blow for Microsoft]
Gates: Further blow for Microsoft
The company said it had not yet heard of any complaints from its customers and said that because of the speed of its reaction it did not expect to receive many.

However reports in some newspapers, including the Swedish-based Expressen which broke the story, say some of the websites that carried the URL were dated as long ago as June 1998. Websites claiming to detail various ways in which breach Hotmail's security have been available on the Net for at least this long.

Correspondents say the breach of security over Hotmail will be seen as a blow for Microsoft, headed by billionaire Bill Gates.

This is the most recent of a number of security glitches to be uncovered. Microsoft's Internet Explorer and Office products as well as its instant messaging service have also been found to be flawed.

Microsoft's position as the world's leading software provider ensures that its products are subject to intense scrutiny.



Advanced options | Search tips




Back to top | BBC News Home | BBC Homepage | ©


Sci/Tech Contents


Relevant Stories

31 Aug 99 | e-cyclopedia
Cracking: Hackers turn nasty

31 Aug 99 | Sci/Tech
Web e-mail inherently weak

31 Aug 99 | Sci/Tech
Your reaction to the Hotmail hackers

02 Sep 99 | Sci/Tech
The self-destructing e-mail

28 Jul 99 | Americas
US cyber-security plan under attack

28 May 99 | Americas
Security review after hack attack





Internet Links


Microsoft statement on the Hotmail closure

Microsoft

Hotmail

Electronic Privacy Information Center

Wired News


The BBC is not responsible for the content of external internet sites.




In this section

World's smallest transistor

Scientists join forces to study Arctic ozone

Mathematicians crack big puzzle

From Business
The growing threat of internet fraud

Who watches the pilots?

From Health
Cold 'cure' comes one step closer