Microsoft Responds to Hotmail Security Issues

SAN JOSE, Calif., Aug. 24, 1998 — Hotmail from Microsoft Corp. has confirmed that unauthorized parties may be able to breach Hotmail service password security.

Hotmail is committed to protecting its members and their accounts and takes even the smallest e-mail security risk very seriously. Hotmail is devoting significant resources to fixing this and will do so as quickly as possible.

The security vulnerability could occur when an unauthorized party intentionally sends a Hotmail member an e-mail message containing embedded JavaScript code in order to steal the member’s password. When the Hotmail member views the message, the JavaScript code mimics Hotmail asking the Hotmail member to log in again. During the re-login process, the Hotmail member’s user name and password are sent to the unauthorized user via e-mail.

Hotmail advises

members not to open mail from unknown sources. In addition, Hotmail recommends that members who unexpectedly receive a log-off prompt do not respond to the
re-login prompt but go back to the home page by typing
into the browser.

Microsoft’s award-winning Hotmail is the world’s leading free Web-based electronic mail service with over 22 million members and more than 100,000 new accounts established each day. With offices in Sunnyvale, Calif., the company offers globally accessible, easy-to-use and feature-rich personal e-mail to its members. Hotmail was acquired by Microsoft Corp. in December 1997 and is now part of the Microsoft Interactive Media Group. Hotmail is a leader in

consumer advocacy and is widely recognized for its strong anti-spam measures. To sign up for Hotmail, go to .

Founded in 1975, Microsoft (Nasdaq
) is the worldwide leader in software for personal computers. The company offers a wide range of products and services for business and personal use, each designed with the mission of making it easier and more enjoyable for people to take advantage of the full power of personal computing every day.


Microsoft is either registered trademark or trademark of Microsoft Corp. in the United States and/or other countries.

Other product and company names herein may be trademarks of their respective owners.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at on Microsoft’s corporate information pages.

Related Posts