Programmers in mainland China discovered the flaw sometime last year, a source familiar with the exploit told ZDNet China. This person, who spoke on condition of anonymity, said Chinese hackers have successfully created MSN Explorer 9 premium accounts that provide free access to 30MB of online storage and a 25MB e-mail in-box, as well as to applications such as MSN Money Plus.
The exploit takes advantage of a modified installation file in MSN Explorer 8.5 that allows Web surfers to upgrade to MSN Explorer 9 by using fake high-speed Internet accounts from Verizon Communications. The crack grants free access to MSN Explorer 9 premium services that come bundled with Verizon's DSL (digital subscriber line) service under a co-marketing deal struck in 2002. Verizon DSL and MSN premium services are not currently marketed in China.
A Microsoft representative said the exploit poses no security threat, nor does it jeopardize subscriber information. He added that Microsoft and Verizon are taking "immediate steps" to fix the problem.
"There is no customer impact whatsoever," the Microsoft representative said in an e-mail. "It is a case of users exploiting and taking advantage of a hole."
The flaw comes to light as MSN seeks to shift its businesses from dial-up Internet access to high-end broadband services. Microsoft currently counts about 9 million subscribers. But it has recently lost dial-up customers to high-speed access rivals, leading it to focus its efforts on broadband customers who get their connections from third parties such as Verizon. MSN competitors, including America Online and Yahoo, have also been developing and marketing similar products.
ZDNet China's Hai Li and Wang Dan reported from Beijing. CNET News.com's Jim Hu contributed to this report.