"Microsoft has admitted that for the last seven months up to 200 million Passport accounts have been vulnerable to plundering by thieves and malicious hackers.
The vulnerability lets a criminal get access to a Passport account using a specific web address and a trigger phrase.
Criminals exploiting the flaw could have gained access to personal information, credit card details and online mail accounts.
The Passport bug was found by Muhammad Faisal Rauf Danka, a freelance computer security consultant.
Some of the Passport accounts owned by Mr Danka and his friends had been hijacked.
In discovering how this was done, he found the website that gives privileged access to personal accounts and lets passwords be reset.
"It was so simple to do it. It shouldn't have been so simple," said Mr Danka, "Anyone could have done this."
Reportedly Mr Danka sent 10 messages to Microsoft detailing the vulnerability but got no response.
Microsoft only reacted when information about the flaw was posted online"
Full story:
BBC Technology Pages
