Hackers could steal credit cards from "e-wallet" technology
Microsoft Corp. acknowledged that its "Passport" technology for safeguarding Internet purchases has a serious design flaw that could have allowed hackers to steal credit card numbers and personal information.
2 million customers use the "e-wallet" feature of Passport that was vulnerable, but there was no evidence of any theft. It temporarily shut down access by all consumers to their virtual wallets starting Wednesday for repairs to the network and testing. That move inconvenienced buyers at roughly 70 e-commerce Web sites that support Microsoft"s wallet technology, called "Express Purchase."
Overall, up to 200 million people have signed up for Passport accounts, which are nearly impossible to avoid under Microsoft"s new Windows XP operating system. Passport promises consumers a single, convenient method for identifying themselves across different Web sites.
"We do not believe customer data was compromised in any way," Microsoft spokesman Adam Sohn said Friday. "We know we"ve got to build and earn trust for (Passport) to be successful. We"re taking the right steps to do that."
Users of Windows XP software were never vulnerable because of additional security measures built in, Sohn said.