CNET News.com: Microsoft orders security audit after Hotmail breach
Sep 10, 1999, 19:45
(Other stories by Courtney Macavinta)
"Microsoft pulled Hotmail offline for about two hours August 30 after two European Web sites alerted the company that any Net user could access any Hotmail account without a password as long as a user's name, commonly found in a Hotmail email address, was known. ...although Microsoft said it fixed the security problem the same day, it has decided to go a step further by testing the integrity of Hotmail, which has more than 40 million active members.
'We have voluntarily invited a third-party firm to conduct its own inquiry and present us with their findings,' Microsoft spokesman Tom Pilla told CNET News.com. Microsoft, in conjunction with Truste, had planned to disclose the news on Monday. Truste is a nonprofit group that acts as a privacy watchdog."
"Microsoft wouldn't provide the name of the auditing firm, which will review Hotmail security but not the security of Microsoft's other Web sites that collect personal information from users.
The move by Microsoft was apparently prompted by complaints made to Truste, which is expected to publish the so-called watchdog reports publicly. Microsoft is a premier sponsor of Truste and carries the program's licensed seal, which informs Web users about precautions a site is taking to protect their privacy."
"This is not Truste's first investigation into Microsoft privacy practices. In March, Truste looked into a feature in Microsoft's Windows 98 operating system that could be exploited to collect information about authors of electronic documents without their knowledge through a unique identification number."