Tech Time Warp: Quite the Hotmail hack, eh?

You might not want to admit it, but you may still have a Hotmail account kicking around. Once your premier account—perhaps an upgrade from AOL—it may now be your throwaway address.

Once, though, Hotmail was hip—and quite a target for hackers. Hotmail and Rocketmail (later Yahoo!) were the first advertising-supported web-based email services, freeing users from ISP-tied accounts such as those provided by AOL and CompuServe. Microsoft purchased Hotmail for $450 million on Dec. 29, 1997. Prior to its Microsoft acquisition, the service had been known as HoTMaiL, for HTML. Under Bill Gates’ leadership, Hotmail became part of the MSN internet platform and grew to 50 million users by summer 1999.

Those 50 million users were part of an infamous email hack that August. Through a spokesman, a group called Hackers Unite announced in Swedish media it had gained access to every single Hotmail account using a web browser. “We did not do this hack to destroy, we want to show the world how bad the security on Microsoft really is, and that company nearly [has] monopoly on [all] the computer software,” one of the hackers said.

Security experts theorized the hack was possible due to a backdoor left on Microsoft servers, though Microsoft denied that; others suggested the security vulnerability was related to Microsoft’s single sign-in Passport service. Account access was possible by visiting a webpage that exploited a login script and typing in a Hotmail address along with the simple password “eh.” From the webpage, anyone could read or send email from a Hotmail account.

How long the security vulnerability existed is unknown. Some of the websites exploiting the login script dated back to June 1998. But once known, Microsoft issued a fix within two hours.