Outlook.com had 'classic' XSS flaw in authentication engine

Redmond pays $25k to hacker who spotted flaw allowing anyone to own your email

Synack senior security researcher Wesley Wineberg has received US$25,000 from Microsoft for quietly disclosing a bug that allows any Hotmail account to be hijacked."