Hotmail security breach : LUSENET : TimeBomb 2000 (Y2000) : One Thread

To anyone using a Hotmail account:
Hotmail has been cracked in a major way. There is a web page out there that lets you type in anyone's Hotmail account. It will then actually log you in to that account. You can read all the email there, send new mail, whatever. No, I won't list the address here, but I've tried it and it works. If you have anything private there I strongly suggest you delete it.

-- Shimrod (, August 30, 1999


Shimrod--You would be doing everyone here a great service if you gave the website, I'll give my reason why. I'm trying to locate me son's soon-to-be exwife. She's writing hot checks, wiped out my sons savings account, and keeps sending threatening e-mails. Her e-mail address is a Hot Mail address and if I can locate her that way, I can have the police go pick her up. You help in this is appreciated.

-- can't say who 4 now (can'tsaywho4now@can', August 30, 1999.

I would if I could get in there.

The word must be out because the server is just not responding.

I don't have anything super private there, but I was using it for the "anonymity" of it all.

-- nothere nothere (, August 30, 1999.

I'd rather not post the address...since a lot of people here use hotmail, I don't want to make things hard for them. If someone is writing hot checks, it shouldn't be too hard to get access via a subpoena. Yahoo has rolled over for lesser offenses.

-- Shimrod (, August 30, 1999.

Update: The webpage has been removed from the site. Most likely under pressure from Microsoft, I'm guessing. This does not mean that the security hole no longer exists, just that this particular "service" exploiting it has been taken down due to publicity.

-- Shimrod (, August 30, 1999.

CNN article posted a little while ago

-- Shimrod (, August 30, 1999.

Shimrod--If I knew where she was at, I would issue a subpeona, that's my whole problem. The account she's writing the checks on is from a closed account 3 years ago. Good people get screwed and the wicked just keep getting away with it.

-- can't say 4 who now (can'tsaywho4now@can', August 30, 1999.

I think she means to send a subpeona to Hotmail so they can give you the info.

-- R (, August 30, 1999.

Sorry, Can'tSay, the page was taken down by the time I saw your post anyway. But what I meant is that you can subpoena Hotmail. You don't have to know where she is. All the webmail services will happily turn over account information if requested to by law enforcement. There have been several well-publicized cases in which someone was shielding their identity via a webmail account, and got busted when the service turned over all information. It doesn't even need to be a criminal warrant--just a subpoena from a civil court will do it, which has raised some privacy concerns.

Anyone who really wants to shield their identity should probably use, which strongly encrypts your mail so even they can't read it--but only if another hushmail user sends the mail, unfortunately.

-- Shimrod (, August 30, 1999.

Can't Say,

"R" is correct. You subpoena Hotmail and make them divulge the information they have on your wife. Talk to a lawyer who has experience with this sort of thing.

-- Prometheus (, August 30, 1999.

Can't say

I'm sick of your whining about bad checks. Go somewhere else, like to the police. NOW!!!!!!!

-- (, August 30, 1999. Hotmail accounts compromised Web page apparently let visitors see thousands of personal e-mail account without a password By Bob Sullivan

MSNBC Aug. 30  Apparently thousands, if not millions, of personal e-mail accounts hosted at Microsoft's were compromised over the weekend. Thanks to the work of a computer hacker, viewers visiting at least two Web sites, and possibly more, were able to view personal e- mail accounts simply by entering a hotmail user name. Microsoft, which didn't immediately comment, has apparently plugged the security hole this morning. JUST HOW LONG Hotmail e-mails were compromised was not immediately known. But hundreds of visitors to the bulletin board site suggested users there had successfully tested the Web pages and cracked into personal e-mail accounts without needing passwords. One of the mirror sites for the hack was registered to Erik Barkel, of Stockholm, Sweden. In response to an e-mail sent to the site, a writer with the alias "erikb" told MSNBC: "I didn't code the thing. I did host a mirror of it. The mirror is gone. Thank you."

That author also said the story was originally broken by a Swedish Web site, He also said the original site for the hack was hosted by a Web site ending in .uz, which indicates it was located in Uzbekistan.

The administrator of another mirror site told MSNBC the hack was just one line of computer code  a single URL, really  which could be entered into any Web browser. He said the exploit took advantage of Microsoft's new Passport feature, which allows users to click through MSN sites without having to log on separately at each site.

Posters to indicate the security hole was closed at about 10 a.m. ET Monday.

(Microsoft is a partner in MSNBC.)

The source code for creating a copycat of the Hotmail hack Web site was readily available, and at least one mirror version of it was still up at 12:30 p.m. ET. The hack no longer worked, however.

In an obvious sarcastic jab, visitors to the original Hotmail hack site are now being redirected to Microsoft's security bulletin Web site.

Calls to Microsoft were not immediately returned.

The Hotmail site appeared to be functioning normally at midday Monday, and there was no mention of the break-in.

-- (just@helping.out), August 30, 1999.

Well SH*T where have I been, I did not know this and I thought I was a pretty smart cookie!

"Sick of this thread"--I'm sick of being screwed cause it doesn't feel good! But I bet if you were on the receiving end of a bad check you would be begging to find out where the slut lives! Okay, now I feel better.....

Thanks for the info, I'll get my court order and see what happens.

-- can't say who 4 now (can'tsaywho4now@can', August 30, 1999.

7 pm Eastern, according to Wired News a slight variation on the original hack still works.

-- Shimrod (, August 30, 1999.

Can't Say get her pasword question. Long shot.. but I have heard some can do it..

-- cassandra (, August 30, 1999.

Moderation questions? read the FAQ