Microsoft has rushed out a fix for a serious bug in its Hotmail webmail services.
The bug allowed a hacker to reset the password for a Hotmail account, locking out its owner and giving the attacker access to the inbox.
The fix was put together because the bug was starting to be actively exploited online.
One security news site reported that some hackers were offering to hack Hotmail accounts for $20 (12).
Computer security researchers discovered the vulnerability in early April and told Microsoft about it soon afterwards. The bug revolved around the way Hotmail handles the data that must pass back and forth when a user wants to reset their password.

source/full story: bbc