Hotmail confirms it 'spilled' user addresses

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

Hotmail confirms it 'spilled' user addresses

By Cnet News.Com, 7/13/2000

A flaw in Microsoft's Hotmail program is inadvertently sending subscribers' e-mail addresses to advertisers, the company confirmed yesterday.

The admission highlights a widespread Internet security problem known as ''data spill.''

In Hotmail, the problem crops up when people who subscribe to HTML newsletters open messages that come packaged with banner ads.

''Simply by reading the message, the leak occurs,'' said Richard M. Smith, a privacy and security expert who brought the design flaw to Microsoft's attention in June.

Microsoft ''is working on something that will eliminate this error in August,'' said Melissa Covelli, a spokeswoman. ''It requires a complete redesign to the technology of Hotmail.

''There's no evidence that any company has noticed this information, and we know that no consumer e-mail addresses have been abused,'' added Covelli, who said the company discovered the flaw a couple of weeks before Smith did.

Hotmail has about 67 million subscribers.

Since its launch, Hotmail has been haunted by problems with its free e-mail service. Last month, for instance, after a five-day outage the Hotmail Web site deleted some of its subscribers' address books, personal folders, and archived e-mails.

http://www.digitalmass.com/news/daily/07/13/hotmail_privacy.html

-- Martin Thompson (mthom1927@aol.com), July 13, 2000


Moderation questions? read the FAQ