Microsoft has had to take its ecommerce system, Passport, offline for 48 hours after a programmer in Seattle found a way to steal users' credit card numbers.

Microsoft insisted that no-one's information was compromised, and that it has now corrected the flaw.

And even the programmer concerned said that users of Microsoft's new Windows XP operating system, which is irrevocably integrated with Passport as a means of forcing it into the mainstream, would not have been affected.

But the move follows a string of incidents where either security in Passport - or the Hotmail free e-mail system to which it is tightly bound - has proved to be lax.

That has proved embarrassing for the software giant, since both are at the heart of its .NET project to extend its control of personal computing to the network.

And it also comes as Microsoft is trying to rewrite the rules for its dealings with computer security companies to stop them from revealing its security errors until it has found a cure for them - however long that takes.

Hotmail hole

In this case the programmer, Marc Slemko, found a way to get Hotmail users' credit card numbers simply by sending them an e-mail.

He exploited a feature of the system that allows users to buy goods from sites using Passport without having to sign in again - as long as they have signed into Hotmail no more than 15 minutes earlier.

By sending a given user an email containg a carefully crafted bit of code, Mr Slemko showed he could get access to credit card details as long as the user replied within the 15-minute margin.

Mr Slemko alerted Microsoft to the exploit before publishing the details, and his website says the company corrected it within 48 hours.