On Fri, 8 Feb 2002, Tom Micklovitch wrote: > Exploit: > > Register an account for MSN messenger, make some contact email > addresses, leave the account for 31 days. On a different machine (to > ensure there's no cache), go to the sign up section of MSN messenger, > sign up again, using the same screen name. You'll be able to see the > previous user's contact list. > > -- snip -- This issue was initially reported back in August 2000 to Bugtraq [1] by James Nelson Microsoft did respond [2] but must've decided it wasn't an issue... all those lovely graphical updates to make Messenger look pretty were obviously deemed more important. [1] http://www.securityfocus.com/archive/1/76183 [2] http://www.securityfocus.com/archive/1/76388
