The bug exploits a loophole in the way the service handles data, enabling hackers to change a user's password and lock them out of their inbox.
As reports of such practises circulated, some hackers took to forums and offered to breach Hotmail accounts for $20 (£12). Other posted videos of their accomplishments on YouTube.
Microsoft was informed of the issue by computer security researchers and closed the loophole shortly afterwards. Hackers will now receive an error message when they try to sabotage the data exchange.
Anti-virus firm Sophos claims to have stumbled on a plot by a network of Moroccan hackers to reset the passwords of 3 million Hotmail accounts using the technique.
"They're interested in stealing your identity and perhaps using an email account hack as a method to crowbar their way into other online accounts under your control," it said in a statement.
Hotmail is the world's largest web-based email service, with 350 million users. It is unclear how many of those accounts fell victim to the bug.
> Apple Mac security ten years behind Microsoft, says Kaspersky
> Facebook launches Anti-Virus Marketplace