A new Xbox Live bug has been discovered that allowed hackers to obtain the gamertag email addresses of Xbox One, Xbox Series X, and Xbox Series S users. At the moment, this appears to be the extent of the exploit, which has seemingly been fixed, but not before exposing a serious bug in the system, one that Microsoft initially didn't seem very concerned with because while the breach leaks emails, this is the only information it was leaking.

Word of the bug in the system comes way Motherboard, who was contacted by an anonymous hacker who exposed the issue to the outlet, which didn't just take the hacker's word but verified the issue. Meanwhile, a different hacker revealed that this bug is found in the Xbox Live enforcement portal, a page that allows Xbox users to contact Microsoft directly.

When Motherboard first reached out to comment, Microsoft seemingly downplayed the problem as "something that does not meet the MSRC bar for service."

"An email may be considered sensitive information, however, since it provides nothing else to identify the issuer, is not something that meets MSRC bar for service. As such, MSRC is not tracking the issue and will leave it to the product group to determine a mitigation as needed."

However, after the initial response, Microsoft relayed word that an update had been pushed to nip the issue in the bud. Fortunately for Xbox users and Microsoft, the hackers who revealed the bug to Motherboard ensured it wasn't made public before a fix was issued. While email addresses being leaked isn't the big security breach, it can lead to larger problems like doxxing.

That said, while this issue has seemingly been patched, it does expose a larger issue with how vulnerable many of these services are. According to the aforementioned hackers, this was the "easiest vulnerability" they ever came across.



Posted: Nov 28, 2020 8:11 pm
Related Forum: Xbox Forum

Source: https://comicbook.com/gaming/news/xbox-one-live-gold-series-x-bug-hackers-gamertag-email/