A very severe bug in the Hotmail website came to light recently. A critical vulnerability allowed anyone to remotely change the password of any Hotmail account. The underground hacking scene was abuzz with hackers offering to hack any Hotmail account for as little as $20.
The exploit was first discovered by a hacker from Saudi Arabia who is a member of the popular security forum dev-point.com. Apparently the exploit was leaked to dark-web hacking forums. All hell broke loose when a member of a very popular hacking forum offered a service claiming he could hack “any” email account within a minute.
The exploit eventually spread like wildfire across the hacking community. Many users who had linked their email accounts to financial services like PayPal and Liberty Reserve were targeted and their money looted. Many others lost their Facebook and Twitter accounts. Rare accounts with two- and three-letter names, like ab@hotmail and xxx@hotmail, were also taken.
The exploit itself was a very simple one. It involved using a Firefox add-on called Tamper Data, which allows the user to intercept the outgoing HTTP request from the browser in real time and modify the data. All the attacker had to do was select “I forgot my password”, select “Email me a reset link”, start Tamper Data in Firefox and modify the outgoing data. Numerous YouTube videos have come up demonstrating the proof of concept. Googling the phrase “ثغرة الهوتميل 2012” (“Hotmail vulnerability 2012”) will bring up several videos demonstrating the same.
Microsoft is yet to offer an official statement on the vulnerability. Many users, especially from Middle Eastern countries, notified the company in its support forums, but the damage was already done by then. The company offered a temporary fix on 20th April that brought an end to the mayhem. Now every time a hack is attempted on the reset page, a “Server Error” is displayed.
But rumour has it that there exists another critical vulnerability, knowledge of which is limited to the hackers who frequent the dark web. They are lying low with the exploit for now to prevent another leak to the masses, which would lead to a quick patch by the company. The legitimacy of these reports is, however, questionable.
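As an added illustration (not code from Microsoft or from this article), the sketch below shows the server-side check that makes in-transit edits to a reset request fail. The article does not say which fields were altered, so the field names `account`, `expires`, `nonce` and `sig`, the helper names and the sample addresses are all assumptions.

```python
import hashlib, hmac, json, secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret held only by the server
RESET_TTL = 900                       # seconds a reset link stays valid
_used = set()                         # nonces of links already redeemed

def _sign(account, expires, nonce):
    # JSON-encode the fields so their boundaries cannot be shifted by an attacker
    msg = json.dumps([account, expires, nonce]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_reset(account, now):
    """Fields carried by the e-mailed reset link (hypothetical layout)."""
    expires, nonce = int(now) + RESET_TTL, secrets.token_hex(16)
    return {"account": account, "expires": str(expires), "nonce": nonce,
            "sig": _sign(account, expires, nonce)}

def redeem_reset(form, now):
    """Return the account whose password may be changed, else raise ValueError."""
    try:
        account, nonce, sig = form["account"], form["nonce"], form["sig"]
        expires = int(form["expires"])
    except (KeyError, ValueError):
        raise ValueError("malformed request")
    # Every field arrives from the browser, so none is trusted until the
    # signature over all of them has been recomputed with the server's key.
    if not hmac.compare_digest(_sign(account, expires, nonce).encode(),
                               str(sig).encode()):
        raise ValueError("fields do not match signature")
    if now > expires:
        raise ValueError("link expired")
    if nonce in _used:
        raise ValueError("link already used")
    _used.add(nonce)
    return account

def outcome(form, now):
    try:
        return "ok: " + redeem_reset(form, now)
    except ValueError as err:
        return "rejected: " + str(err)

if __name__ == "__main__":
    now = 1_000_000  # constructed timestamp
    form = issue_reset("alice@example.test", now)           # constructed account
    edited = dict(form, account="victim@example.test")      # field changed in transit
    print(outcome(edited, now + 10))   # rejected
    print(outcome(form, now + 10))     # accepted once
    print(outcome(form, now + 20))     # replay rejected
```
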
UPDATE:
We have received many queries regarding the new 0-day exploit, which is yet to be patched. For the time being we can only advise you to monitor your email accounts closely.
Even our website came under a DDoS attack on 17 April because of leaking the information to the public. Rest assured, our team is actively scouring the deep web to find out more information. Be sure to check this space! For the members who wanted a more detailed explanation about the old exploit, please download the full video demonstration of the hack from here.



Gosh! hacking is really taking its toll. It really scares those who have Hotmail accounts. Hope it’ll stop!
Yes, I have heard that the Hotmail security team is working on it.
This kind of news really pisses me off. Why does one invent something that can harness somebody’s privacy and security. Glad that somebody’s making way for this to stop!
Hey guys watch this he published it today and notified msrc on 20th again ;)
I think this is a real good team which did not scare anybody and helped to locate http://www.vulnerability-lab.com/get_content.php?id=529
When I read a post like this we sell 20$ I really get scared by these blackhats. When I read the report of the labs guy then I think it was a good job.
pissed off lost 2 hotmail accounts and my xbox 360 account has gone tits up very pissed off look on YOUTUBE F IN HACKERS EVERYWHERE
Darn, I heard this is fixed now. I would have paid a fortune to have that guy hack into a particular hotmail account for me.
I would have paid a lot too Jason….my husband was/maybe still is cheating on me using his hotmail acct to communicate with his ‘girlfriend’….he promised me it is over but won’t tell me his hotmail password….(what does that tell ya–I know maybe he is still e-mailing her)…problem is we have been married 40 some odd years yrs…I am 65 and need surgery on both knees….can’t walk right now….anyway….I really do still love him….(but I’d like to know if he is still ‘at it’…
Big Lols @ above comment ^^
I need to gain access to a account, I will pay for the password but i can only pay after i have the password but I will give you £1000 for doing it. johnsonjack048@gmail(dot)com
may i asking ,, is this true .. as am really have a medical Reports i need to print
it fast as I’ll making an Operation on January,19,2013 in Germany, all doctors name Evan all my medical information and every personal data , plzz i heed help
with akef69@hotmail.com or transfer all data and other folders to 69akef@gmail.com
thanx and am ready to pay also for recover just plzz any one say it’s true .
Hi guys, first of all, I'm one of the dev-point.com members and the Hotmail exploit has been closed for ages, after hacking 1000 emails in the Middle East. However there are still hackers who can hack any email and website they want. The strange thing is that there is a website which sells emails and exchanges them. Have a look at this website http://www.x3x.com/Email-Mono-Binary.htm
thanks guys
m0hs
q-_@hotmail.fr