> After examining that code early Monday, outside security experts suggested that the problem might have been a backdoor inadvertently left open on Hotmail servers by Microsoft engineers.
Microsoft vehemently denied the backdoor suggestions, and instead described the problem as "an unknown security issue."
The greatest moment in the history of Canadian hackers.
And of course any admin account password : meh
Even worse, password recovery from late 90s to 2002 or so was a question/answer system. Most questions were things like "what is the make of my first car" or "where do I want to take a vacation" or "favorite food" or "who do I love", etc. The kind of things that have a very limited set of guessable answers ("ford", "hawaii", "pizza", "mom"), and can easily be answered if you know the person at all (but reasonably easy even if you don't). Once answered correctly after unlimited attempts, it would show the password in plaintext. Pretty easy.
Wait, how did either of those guys know my password? Nobody but me is supposed to know it, you guys.
Same hack works now, but the password is "whatsupdoc?"