Hacker News

simonw, today at 12:27 PM

I wonder how many accounts on other services were then hijacked using "forgot my password" attacks.

UPDATE: After a bit of digging it looks like they started the username recycling policy in 2013, may have quietly stopped doing that in 2018 but formalized no longer doing that in 2021: https://web.archive.org/web/20230627104616/https://www.micro...

"Summary of changes to the Microsoft Services Agreement – June 15, 2021 [...] In the Outlook and Office Services sections, we’ve removed the Outlook.com section to clarify that an email address or username is not recycled into our system or assigned to another user."


Replies

deltoidmaximus, today at 1:32 PM

It's wild to me they ever started doing this in the first place. And in 2013 no less, it isn't like the hijacking risk was some far-off concept at that point.