Malicious code embedded in some WebTV newsgroups and Web pages is causing the problem, Microsoft said. Designed as a simple way to access the Internet via the television, WebTV has lately been repositioned as a provider of "enhanced television" services such as digital video recording.
WebTV, which counts about a million subscribers, is an online service that offers some specialized areas of content. The "hacker code," as Microsoft is calling it, was apparently located in this area of the network. Users have reported threatening and profane emails sent from their accounts as a result of the problem.
"WebTV did discover a piece of malicious code placed within various newsgroups and Web sites," a Microsoft spokesperson said. "When a user reads a posting or accesses a Web site, it sends off an email from the WebTV user email account to an unknown source without their knowledge."
Microsoft has not yet determined how many people were affected, when the problem first hit, or even how many Web pages or newsgroups contain the code, the spokesperson said. Another problem: The only way users can check to see if they have been affected is to check their sent mail.
WebTV is working on a fix that will be transmitted transparently to users when they log on.
The problem is the latest black eye for Microsoft on the privacy front. The software maker has suffered privacy breaches in its popular MSN Hotmail free email service, as well as previous glitches with WebTV. This same type of problem has occurred once before at WebTV, the spokesperson said, although she did not know when it happened or how many people were affected at that time.
"Security is very important to our users," the company spokesperson said. "We're committed to keeping customer information safe."
The code for the hack has been in circulation since September, according to Net4TV, which reports on WebTV and interactive television news. "Among other things, the code has been used to bombard WebTV's Abuse Department with profane complaints, and to cause users to unknowingly send nasty messages to others," according to the site.
"One of the problems is that there is no way within the email itself to prove that the box it came from did not originate the email," the site added.