Brett_Tabke - 11:24 am on Jul 23, 2009 (gmt 0)

The email account/username in question did exist, the hacker (re)created it. Unless you're saying that the above should consider an account name taken if it exists at any of the three? Not gonna happen :-)

Well, I am saying that the first time it was tried the hacker knew what the account was. During that step, Gmail shouldhave pinged hotmail and and hotmail said the act was doa, so Gmail should have purged that hotmail address from it's system and not allowed it to be used a 2nd time (which is when the pw reset link was sent to the freshly created hotmail act).