The exploit in hotmail can be used to go immediatly to the secret question thing therefor I don't think that's the prob, cause Tim_axe used a random sentence and password. My guess is that either one close to Tim_axe, like for instance a boy- or girl friend did this to have lol; or that he used some public computer and was not properly logged out or something worse, let windows keep the password on disk; or third, his computer is compromised with a keylogger and trojan... ; or fourth some1 changed Tim_axe's hosts files... so he thinks he's on hotmail while he's not... and giving passwords to the attacker... I think there are more possibilities left... (like a network sniffer) but these are the ones that comes to mind.