Microsoft Corp. worked quickly Monday to close a security hole that allowed anyone with Web access to view the e-mail of Hotmail users.
Two Web sites, one in Sweden and the other in the United Kingdom, were allowing anyone who knew someone’s Hotmail user name free access to their e-mail account without knowing that user’s password.
Shortly before noon, Hotmail plugged the Swedish redirect and anyone going to that site was taken to the Hotmail security page. Earlier Monday, Hotmail took most of its system offline in order to plug the security gap. Access was restored in phases, shortly after 12:30 p.m.
Microsoft (MSFT) officials could not be reached for comment on the problem. However, according to published reports, the problem was due to a bug in a start script that processed login requests and handed off users to Hotmail servers.
News of the bug first appeared in Sweden’s Expressen newspaper. Reporters there say they learned of the problem from readers and notified Microsoft early Sunday.