Updated: Microsoft looks into Hotfail bug

WEBMAIL PROVIDER Microsoft is looking into a bug that is apparently affecting thousands of its Hotmail users.

We were first alerted to the problem by a reader, as, er, none of us use Hotmail. Ian, in South Africa has been unable to get into his account all week and, quite fairly, thought that there might have been a correlation between the Hotmail security updates we had reported and his being unable to access the service.

Ian, like many, many other people, had been left without access to his email for about a week - meaning that he could be missing out on millions of Nigerian oil dollars and, more likely, some actual work.

To date Microsoft has kept to its line that perhaps the user is putting their password in incorrectly, which might be the case if there has been a sudden global outbreak of amnesia.

"Microsoft are next to useless and I can't get any response from them - either technically or corporately", Ian said. "It seems from the story that this cock-up has coincided with them beefing up Hotmail security - not just a coincidence surely?"

We asked Microsoft's PR people in the UK for some explanation of the problem, and were told, "It's hard to confirm a spike in issues at the moment but we will be monitoring the issue now you have raised it." Thanks, but it has been raised already. Repeatedly.

The Hotmail team has sprung into action and has updated its Live Solutions page with information for people who have been locked out. That information, which comes under the banner "Account Compromise - Unauthorized Account Access. How to Recover Your Account", starts with the helpful information that "You've forgotten your password."

Knowing that this was unlikely to help anyone that has not forgotten their password we pressed for more information, and have been promised it. We asked the Microsoft mob exactly what was going on, how many people were affected, how many accounts might have needed re-setting, and if it had any idea of how long it would take to fix.

Keen to respond, and to be seen to be responding, the PR machine stretched out its arm and turned the official statement tombola.

"In our largest effort ever to combat Spamming, we proactively worked with the rightful owners of several known compromised accounts. These accounts represent less than 1 per cent of the total number of Hotmail accounts worldwide," we were told.

Fair, but it doesn't really answer our questions. Still, maybe this bit will. "These accounts were not compromised by any breach of the Windows Live Hotmail system. Rather, individual customer accounts were compromised through several means, including phishing scams, malware, brute force guessing of weak passwords and other malicious activities." It certainly includes words, and looks like a sentence, but again, this doesn't really answer our questions either.

Maybe Microsoft is saving the best for last, and perhaps all of those users that were locked out, through no apparent fault of their own - unless of course you take Microsoft's ‘weak passwords' insinuation to heart - and no explanation, will find some comfort in its closing lines.

"Fighting account compromise is an on-going battle, and we are committed to continuing to identify and shut down these malicious accounts."

No? You weak password having ingrates!