Microsoft Hotmail, the former name of Outlook.com, has a generally poor security history. In 1999, a vulnerability was discovered that allowed anyone to access an arbitrary Hotmail account by logging in with the password "eh" due to poor programming practices.
Likewise, In 2001, a similar exploit allowed users to retrieve emails from any other Hotmail account by modifying the URL to include the target's username and a message number. After disclosure, it took Microsoft three weeks to patch the issue.