A security vulnerability in Microsoft Passport caused the company to temporarily shut down the service this weekend, casting doubts on Microsoft's plans for a .NET future. According to the person who discovered the vulnerability, this issue exposes a serious flaw in the service's eWallet feature that could have let hackers steal credit card information and other personal information.
However, Microsoft said this weekend that none of its 2 million Passport customers were at risk from the vulnerability. "We do not believe customer data was compromised in any way," a Microsoft spokesperson said. "We know we've got to build and earn trust for \[Passport\] to be successful. We're taking the right steps to do that." According to the spokesperson, Windows XP users were never at risk because of the additional security features built into that OS.
News of a Passport vulnerability is disturbing because it hits at the heart of Microsoft's strategy for the future. The temporary cessation of eWallet functionality this weekend affected only a few dozen e-commerce sites, but if the service is successful, a far wider range of customers could be affected by such service interruptions in the future. Microsoft says it has now fixed the problem.