Updated: Hotmail users getting locked out

A second account holder locked out of Hotmail gets access restored after intervention from CNET.

Robert Vamosi Former Editor

As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

See full bio

Robert Vamosi

June 4, 2008 10:41 a.m. PT

2 min read

As a follow-up to last week's story on Hotmail users getting locked out, the second account mentioned has been restored.

Last Wednesday, Hotmail account holder Will showed CNET an e-mail verifying that he notified Microsoft on May 2 that his Hotmail password had been changed without his knowledge. Microsoft support staff responded with the following message: "Thank you for your message to MSN and Windows Live Privacy. I understand you are having difficulties accessing your MSN Hotmail account because you believe someone has gained unauthorized access to your account. For assistance with this issue, please contact the MSN Support staff using the (following) form."

Will filled out the form, and several weeks passed. Last Wednesday, he told CNET he had received no further response from Microsoft.

Account hijacking, where someone else steals your password and then changes it to deny you access, is a problem that affects not only Hotmail, but AOL and even eBay.

In a statement to CNET, a Microsoft representative said, "We can't comment on the specifics of a particular investigation. However, we can say that attempts to hijack accounts through a variety of means (for example, phishing scams, keystroke logging, and any number of other known security threats) occur against all online proprieties on an ongoing basis. Microsoft is constantly working to help ensure the security and privacy of its customer accounts."

Once again, the Microsoft representative put the fault for the lockout on the user. "In addition, we continue to recommend that customers always exercise appropriate caution and safeguards to protect their account information online, whether for their Windows Live accounts, banking accounts, or any other accounts they have online. Microsoft provides information on online safety and security, including specific guidance on how to help protect your Windows Live ID account security."

But Microsoft didn't answer our direct question: Why did it take a month, plus intervention from CNET, to restore Will's account?

Perhaps this e-mail statement comes the closest to a possible explanation: "As an FYI, we found the original communication to Will in response to his request, but per his e-mail to you, it seems for whatever reason, he did not receive it. We appreciate you flagging the issue, as we make it a practice to respond to all customer issues in a timely manner."