Microsoft has rushed out a fix for a critical security flaw in its Hotmail email service's login process, in a bid to stop hackers taking control of users' accounts.
Microsoft's security team confirmed it has fixed the password security flaw in a message on Twitter.
On Friday we addressed a reset function incident to help protect Hotmail customers, no action needed— Security Response (@msftsecresponse) April 26, 2012
The flaw was originally discovered by Vulnerability Lab researchers who explained that the flaw allowed hackers to hijack Hotmail users' accounts.
"The vulnerability allows an attacker to reset the Hotmail/MSN password with attacker chosen values. Remote attackers can bypass the password recovery service to setup a new password and bypass in place protections," read the research note.
"Successful exploitation results in unauthorised MSN or Hotmail account access."
Hacker and security groups have previously warned that there is a second "critical vulnerability" in Hotmail being exploited by hackers - though as noted by the WhiteC0de security blog, no evidence has emerged to prove this rumour.
"[R]umour has it that there exists another critical vulnerability but its knowledge is limited to only the hackers who frequent the dark web," read the blog post.
V3 has contacted several leading security researchers to try and verify the authenticity and plausibility of the second critical security flaw rumour, but at the time of publication had received no reply.
The exploit follows warnings from PriceWaterhouseCoopers (PwC) that the threat from cyber crime in the UK is rising, with the number of attacks targeting British company's doubling over the last year.
BT wants to make the public switched telephone network history within eight years
Personal data being purloined by third parties via Facebook Login API
MacOS and iOS are better off apart, says CEO Tim Cook
Or they'll no longer be entitled to updates and bug patches