http://zdnet.com.com/2100-1105_2-1000429.html
<quote>
A serious security flaw in Microsoft's Passport service put customers' accounts, including
their personal information and credit card numbers, at risk of being hijacked.
The flaw, in Passport's password recovery mechanism, allowed an attacker to change the
password on any account to which the user name is known. The flaw was disclosed late Wednesday
night on the security mailing list Full Disclosure
</quote>
RichardM