Microsoft says MSN flaw doesn't affect customers

Microsoft has insisted that users of its MSN website should continue to use the site, despite a newly discovered security flaw.

Security researcher Yash Kadakia found that because of the way the technology behind the MSN site works, cookies issued by it could be stolen by hackers. These could then be used to gather information about legitimate users. The flaw also affects the Amazon shopping website, Mr Kadakia said.

The cookies mean a user only has to log in once to either their Amazon or My MSN site. Once logged in to the site, a user doesn't have to re-enter a password again to access their personal details.

Mr Kadakia found the flaw would allow hackers to produce fake cookies to impersonate a user, without having to have that user's password or email address. The hacker could then access the victim's account and emails.

Mr Kadakia says that he told Microsoft of the problem a year ago, but was ignored until he posted on his website screen captures of how the flaw could be exploited by a hacker.

A spokesperson for Microsoft said that it was aware of the vulnerability in its sites, and that it "will provide a solution to address the problem". Although the flaw has not yet been patched, the company says it is "not currently aware of any customer impact".

We are still waiting for comment about this flaw from Amazon.