Microsoft has blocked a website that could allow Hotmail accounts to be hijacked.
The problem stems from a cross-site scripting flaw in an MSN web page, ilovemessenger.msn.com, that allowed hackers to gather data on Hotmail accounts by building a special web page and getting users to click on the URL.
Microsoft has now shut down the web page and is investigating the problem.
"Our initial investigation suggests that an attacker may have been able to take advantage of this issue to obtain user cookies by enticing a user to click on a malicious URL that would then allow the attacker to access a user's Hotmail account," said the company in a statement.
"Microsoft will restore the 'I Love Messenger' website once the investigation is complete and the issue has been resolved. Users attempting to connect to the website are currently being redirected to www.messenger.msn.com."
Dutch student Alex de Vries, also known as 'Eierkoek', found the problem and shared the information with computer security enthusiasts on 4 June.
"With this exploit you can access other people's mailboxes, view their contacts and much more," he said.
"All that needs to be done is to send this user an email with a link/URL to an internet page you created. When the user clicks on this URL, his inbox is all yours."
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago