WebHot Website Design & Hosting

WebHot Website Design & Hosting Dedicated to designing the best, affordable website for you and your business. It is paramount your

How “eh” Broke Hotmail—and Internet SecurityIn 1999, one of the most astonishing security flaws in internet history surf...
14/05/2025

How “eh” Broke Hotmail—and Internet Security

In 1999, one of the most astonishing security flaws in internet history surfaced. Hackers discovered that entering the letters “eh” into the password field of any Hotmail login page would grant access to any user’s account. No username needed, no brute force required—just “eh.” It was possibly the simplest and most dangerous vulnerability ever uncovered in a major email service.

Hotmail, which had just been acquired by Microsoft in 1997, was one of the largest email providers at the time with millions of users worldwide. This flaw wasn’t the work of sophisticated espionage or malware. It was a gaping hole in the authentication system that somehow made it past every layer of security review.

When word got out—especially in European tech circles and forums—the damage was swift. For hours, possibly days, anyone could access any inbox simply by typing "eh." Personal conversations, bank statements, passwords, and sensitive business information were all exposed.

Microsoft responded quickly, patching the vulnerability within hours after it became widely known. But by then, the internet had learned a hard lesson: trust in digital platforms is fragile, and even tech giants can slip. The incident sparked major concerns about online privacy and prompted companies to reassess their approach to cybersecurity.

The Hotmail “eh” incident remains a stark reminder of the early internet’s wild west days, when basic flaws could bring entire systems to their knees. It also highlights the importance of responsible disclosure—had the flaw been shared privately with Microsoft, millions of users might have been spared potential breaches.

In a world where data breaches often involve sophisticated tactics, this case stands out for its absurd simplicity. A two-letter word almost brought down a global communication tool—and showed just how little stood between users and chaos.

Co-op confirms data theft after DragonForce ransomware claims attackThe Co-op cyberattack is far worse than initially re...
02/05/2025

Co-op confirms data theft after DragonForce ransomware claims attack

The Co-op cyberattack is far worse than initially reported, with the company now confirming that data was stolen for a significant number of current and past customers.
"As a result of ongoing forensic investigations, we now know that the hackers were able to access and extract data from one of our systems," Co-op told BleepingComputer.
"The accessed data included information relating to a significant number of our current and past members."

"This data includes Co-op Group members' personal data such as names and contact details, and did not include members' passwords, bank or credit card details, transactions or information relating to any members' or customers' products or services with the Co-op Group."
On Wednesday, UK retail giant Co-op downplayed the cyberattack, stating that it had shut down portions of its IT systems after detecting an attempted intrusion into its network.
However, soon after the news broke, Webhot learned that the company did indeed suffer a breach utilizing tactics associated with Scattered Spider/Octo Temptest, but their defenses prevented the threat actors from performing significant damage to the network.
Sources told Webhot that it is believed the attack occurred on April 22, with the threat actors utilizing tactics similar to the attack on Marks and Spencer. The threat actors reportedly conducted a social engineering attack that allowed them to reset an employee's password, which was then used to breach the network.

Once they gained access to the network, they stole the Windows NTDS.dit file, a database for Windows Active Directory Services that contains password hashes for Windows accounts.
Co-op is now in the process of rebuilding all of its Windows domain controllers and hardening Entra ID with the help of Microsoft DART. KPMG is assisting with AWS support.
When sharing these details with Co-op yesterday, the company said it had nothing further to share and sent us its original statement.
Do you have information about this or another cyberattack? If you want to share the information, you can contact us securely and confidentially, just drop us a message.
DragonForce ransomware behind attack
Today, the BBC first reported that affiliates for the DragonForce ransomware operation, the same hackers who breached M&S, are also behind the attack on Co-op.
BBC correspondent Joe Tidy spoke to the DragonForce operator, who confirmed they were behind the attack and shared samples of corporate and customer data stolen during the attack. The threat actors claim to have data from 20 million people who registered for Co-op's membership reward program.
The threat actors stated they contacted Co-op's head of cyber security and other executives using Microsoft Teams messages, sharing screenshots of the extortion messages with the BBC.
After the attack, Co-op sent an internal email to employees warning them to be vigilant when using Microsoft Teams and not to share any sensitive data, likely out of concern that the hackers still had access to the platform.

The threat actors also claimed to the BBC that they were behind the attempted cyberattack on Harrods.
DragonForce is a ransomware-as-a-service operation where other cyber criminals can join as affiliates to use their ransomware encryptors and negotiation sites. In exchange, the DragonForce operators receive 20-30% of any ransoms paid by extorted victims.
In attacks, the affiliates will breach a network, steal data, and ultimately deploy malware that encrypts the files on all of the servers and workstations. The threat actors then demand a ransom payment to retrieve a decryptor and promise that stolen data will be deleted.
If a ransom is not paid, the ransomware operation typically publishes the stolen data on their dark web data leak site.
DragonForce is a relatively new operation but is gearing up to be one of the more prominent onesin the ransomware space.
They are believed to be working with English-speaking threat actors that fit a specific set of tactics associated with the name "Scattered Spider" or "Octo Tempest."
These threat actors are experts at using social engineering attacks, SIM Swapping, and MFA fatigue attacks to breach networks and then steal data or deploy ransomware. The threat actors are known to aggressively extort their victims.
To be clear, Scatted Spider is not a gang or group with specific members. Instead, they are an amorphous community of financially motivated threat actors who congregate on the same Telegram channels, Discord servers, and hacking forums.

As they are "scattered" throughout the cybercrime landscape, it is more difficult for law enforcement to track individual people who are associated with an attack.
The original threat actors associated with the Scattered Spider classification were behind a string of attacks, including those on MGM and Reddit.
Some, if not all, of these original hackers have now been arrested by the US, United Kingdom, and Spain.
However, previously unknown hackers or copycats are now utilizing the same methods to escalate attacks.
Cybersecurity researcher Will Thomas has put together a recommended guide on defending against Scattered Spider attacks.

Great software 🔥🔥
16/04/2025

Great software 🔥🔥

Shout out to my newest followers! Excited to have you onboard!Jitendra Kumawat, Debjit Sarkar, Sushil Kumar Mourya, Muke...
05/07/2024

Shout out to my newest followers! Excited to have you onboard!

Jitendra Kumawat, Debjit Sarkar, Sushil Kumar Mourya, Mukesh Kumar, Hansraj Jangra, Sonu Tiwari Tiwari, Sandeep Verma, Abdulla Anjum, Manjeet Malik, Raj Ray, Mahesh Saini, Gopi Bazar, Yarabazra, Dil Mohammad, Nilesh Pathar, Sukhnidhan Payasi, Shah Bisma, Deepak Kumar, Bablu Khunte, Kukku Yadav, Rudra Pandit, Anil Kumar, M Sass, Jeetindra Kumar, Hakk Sach, Muhammad Ahsan Muhammad Ahsan, Raj Kumar Raj Kumar, Goldi Chaudhary, Raj A***n, Edu Shaikh, Bhaveshbhai Mangaroliya, Munna K, Arun Bhatnagar, Choice Ahmed, Hafiz Khan, Aaliyan Awan, Vijay Kumar, Md Shanto Ahmed, Ariel Buaya

Shout out to my newest followers! Excited to have you onboard!Rajiv Das, Abadul Satar, Akash Kashyap, Shivi Verma, Raj P...
07/12/2023

Shout out to my newest followers! Excited to have you onboard!

Rajiv Das, Abadul Satar, Akash Kashyap, Shivi Verma, Raj Paliwal, Karan, Vishal Vishal, Himanshu Verma, Balaguru Guru, Cody James

Who uses AI to help with their websites ❓❓
07/12/2023

Who uses AI to help with their websites ❓❓

We’ve been made aware of a significant Phishing campaign targeting the UK, Please do not click on, forward or respond to...
13/07/2023

We’ve been made aware of a significant Phishing campaign targeting the UK, Please do not click on, forward or respond to any emails relating to the NATO summit.

The documents attached in those links contain a virus that compromises Microsoft Word. There’s not a lot of information as to what that virus does but it does come from a well-known Russian ransomware group.

The example pictured shows the email.

I have no words 😂🚀🚀🪐
06/07/2023

I have no words 😂🚀🚀🪐

Shout out to my newest followers! Excited to have you onboard!Yudhishther Singhvi, Vicky Raj, Habib Malik, Nazmul Islam,...
29/06/2023

Shout out to my newest followers! Excited to have you onboard!

Yudhishther Singhvi, Vicky Raj, Habib Malik, Nazmul Islam, Pramod Kumar Panth, Ganesh Khade, AbdulQadeer Phull Phull, Emran Emon, সরদার মুহাম্মদ শাহাদাৎ, Fanaar Jee, Chandravijay Yadav, Joginder Verma, Rahul Thombre, Narayan Shur, Alishan Dahar Ali Shan, Meera Yadav, Mo Ansari Ansari, Rajak Syed, Manish Pandey, Batuk Sitapara, Deepak Tailor, Md Shahid, Manoj Gupta, Natik Lamba, Ismail Kaliyulraghuman, Anshul Chouhan, Robin Kar, Vinod Saini, Paspote Pappu, महेंद्र पाल भटनागर, Suraj Ghose, Aman Kumar, Pappu Shaikh, Aliana Adams, Rahul Chobey, Dharmendra Naila, Trivial Trid, Roshan Ali M, Govind Sonlaki, Arun Kumar, Akash Chauhan, Adi Hmi Adi, Vikas Sanghavi, Sonu Kumaar, Brandon James, Riddhi Singh, Singh Shb, Dasi Sonu, Sandy Sand, Ahsan Nomi Nomi

Ranking…It’s not rocket science 1 - Good Keyword Research2 - Solid On Page Optimization (and some decent content)3 - A h...
05/01/2023

Ranking…
It’s not rocket science
1 - Good Keyword Research
2 - Solid On Page Optimization (and some decent content)
3 - A handful of decent backlinks
That is all 🔁🔁

18/07/2022

Watch out there’s scammers about !

Address

Snaith
DN149HN

Telephone

07393116961

Website

Alerts

Be the first to know and let us send you an email when WebHot Website Design & Hosting posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to WebHot Website Design & Hosting:

Shortcuts

Share

Category