Up to 50 million Hotmail users’ email addresses were left exposed yesterday after one of the biggest security breaches in Internet history.

After a long day of updating hundreds of servers, Microsoft today claimed the security flaw - that allowed anyone to access users' email accounts - has been fixed.

Microsoft was alerted to a flaw that allowed a Swedish-hosted Internet site to access any user's Hotmail account without a password - and believed it had the issue resolved.

Microsoft was contacted about the bug by European users, and shut down the service until the issue was supposedly rectified, according to a company spokesperson.

However, tests showed that a slight variation on the original exploit still allowed access to accounts. The company believes it has now updated all its servers appropriately and is performing a closer inspection of each machine.

"We've been updating the Hotmail servers throughout the morning. There was one that hadn't yet been updated, but it has now," said a Microsoft spokesperson. "We now have testers manually double checking each server to make sure they are updated. The bottom line is, it should be fixed."

The attack exposed tens of millions of potentially vulnerable accounts and did not require any hacking skills, only the name of a user account and the ability to cut and paste text.

The flaw, which was uncovered yesterday, was fixed on certain servers, but by varying the server number entered, InfoWorld Test Center representatives were still able to access Hotmail email accounts without a password. InfoWorld representatives have confirmed that the flaw could no longer be exploited as of yesterday afternoon.

A technical information source, Slashdot.org, also announced that Hotmail email accounts were vulnerable to the simple security breach.

The exploit appears to be not so much a "crack" as a backdoor exploit of the URL naming conventions of Hotmail accounts. Using a certain URL combination with a specific parameter set to indicate no password causes a redirect to Hotmail email accounts.

Because the bug resides on the company's servers, Hotmail users need not worry about downloading a fix, according to Microsoft. The company also could not confirm whether the bug was made possible by a new log-in system that is part of the site.

"There is no consumer action required. They don't have to download a fix or anything, it's all resolved on the Microsoft side," the Microsoft spokesperson said. "I don't know the connection if any (to the new log-in system), we just acted quickly to protect users."

Hotmail, which was acquired by Microsoft last year, targets its free e-mail accounts at consumers, but many corporate users have used Hotmail or other free e-mail services as a backup to corporate messaging systems. It has approximately 40 million accounts.