Microsoft fixes bug allowing hackers to see emails associated with Xbox gamertags

Published on November 30, 2020

While many of us in the US were safely gaming away this holiday weekend, that was only possible because Microsoft was able to quietly patch a bug, preventing further Xbox Live members' email addresses from being exposed to hackers.

Last week, Motherboard received some anonymous information about hackers being able to capture the emails associated with any Xbox Gamertag. The claims were confirmed through an independent verification in which Motherboard gave the hackers test Gamertags.

Fortunately, it seems the anonymous hackers were less nefarious in their intentions, because they also pointed Motherboard in the direction of the root cause. The hackers claimed that a bug in the Xbox Live enforcement portal gave them access to email information from Xbox's online gamer profiles.

In addition to pointing out the bug, the anonymous hackers also asked that Motherboard report on the issue only after Microsoft had a chance to patch it. The decision to quietly give Microsoft a chance to address the bug was due in large part to a similar bug being used to dox Instagram celebrities back in 2017, a result the anonymous hackers sought to prevent this time around.

Even as the company was made aware of the vulnerability, Microsoft's Security Response Center waved off immediate concern, citing that while emails “may be considered sensitive information, however since it provides nothing else to identify the issuer, is not something that meets MSRC bar for service.”

Perhaps the MSRC's tone-deaf response to an obvious user threat reached the doorsteps of the higher-ups, because 24 hours later Microsoft issued a release regarding an update that was sent out to patch the bug.

Kareem Anderson

Networking & Security Specialist

Kareem is a journalist from the Bay Area, now living in Florida. His passion for technology and content creation is unmatched, driving him to create well-researched articles and incredible YouTube videos.

He is always on the lookout for everything new about Microsoft, focusing on making easy-to-understand content and breaking down complex topics related to networking, Azure, cloud computing, and security.
