http://www.rockefellernews.com/18603/hotmail-accounts-left-vulnerable-due-to-a-programming-bug/
The report, which was commissioned by the security vendor Trend Micro , said that the website of the company had a programming glitch, a common but dangerous bug known as the cross site script error, which was not fixed by the Microsoft staff for at least a week.
http://www.ncxgroup.com/2011/05/cross-site-scripting-attack-on-hotmail/
http://www.skuggen.com/2011/05/hotmail-accounts-hacked-emails-stolen/
Cross-site scripting (XSS)
By sending a specially designed email, hackers could access the selected users private emails. The email that was used contained a special code that caused all email messages stored on the recipient’s Hotmail account to be sent back to the hackers.
The company estimates that between 1000-2000 people may have had their emails stolen.