According to foreign media reports, Microsoft recently announced that it has fixed a vulnerability in Hotmail's password reset system that allowed hackers to take control of users' webmail accounts. The vulnerability reportedly exists in the Hotmail password reset function. Hackers can use the Firefox plug-in Tamper Data to intercept the HTTP password reset request, change its data, lock out the owner and enter the user account.
In early April, computer security researchers discovered this vulnerability and soon notified Microsoft. However, details of the vulnerability were leaked in online forums. Earlier this week, it was said that hackers were charging only $20 to break into each account.
Microsoft announced that it had released a patch for the vulnerability. Microsoft said on its security response Twitter account, "On Friday, we fixed the password reset vulnerability, and everything is now ready."
It is reported that the number of Hotmail accounts affected by this vulnerability is unclear. Moroccan hackers have used this vulnerability to steal 13 million Hotmail accounts.
Graham Cluley, senior technical consultant at software security company Sophos, said: "If Hotmail users cannot log on to their accounts for unknown reasons, they may be vulnerable to hacker attacks. Hackers are not only interested in cracking accounts, but also keen to steal user identity information or attack more accounts by attacking accounts."
Last year, Google, Yahoo, and Hotmail users suffered a series of phishing attacks. Hackers obtained an online email account and then used that account to send phishing emails to thousands of accounts.