Xbox Live private keys mistakenly disclosed, says Microsoft

4.5
This could be a big whammy for Xbox Live users ahead of the Christmas holidays. Microsoft on Wednesday announced the leak of private keys for Xbox Live that could endanger millions of Xbox Live users. The problem with leaked keys being available openly is that potential hackers could use it cause problems of the users.

Microsoft statement did not list the source of the leaks but the company said that the leaked keys have so far not been used in any cyber attack.

In the security advisory released Wednesday, Microsoft said it has invalidated the leaked certificate. “To help protect customers from potentially fraudulent use of the SSL/TLS digital certificate, the certificate has been deemed no longer valid and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of the certificate,” reads the advisory. The leaked digital certificate cannot be used to impersonate domains, create new certificates or sign code.

However the biggest concern is that the private keys could be used to mount a in a “man-in-the-middle” attack. Potential hacker could use the leaked Xbox Live private keys to gain access to a secure connection. “Each user in the communication unknowingly sends traffic to and receives traffic from the attacker, all the while thinking they are communicating only with the intended user,” Microsoft explained. A hacker could intercept messages sent between Microsoft and the Xbox Live user. Information or sensitive data could be stolen via this method.

Posted:
Related Forum: Xbox Forum

Source: http://www.techworm.net/2015/12/xbox-live-users-open-to-hack-as-microsoft-accidentally-leaks-private-keys.html

Related Articles

Comments

"Xbox Live private keys mistakenly disclosed, says Microsoft" :: Login/Create an Account :: 39 comments

If you would like to post a comment please signin to your account or register for an account.

Joyful-Posted:

Robbed I really hope my personal information is not in the hands of someone else.


Same that would be sketchy

RobbedPosted:

I really hope my personal information is not in the hands of someone else.

OGPosted:

Why does this type of stuff always happen for the holidays? Don't they have other better stuff to do instead of messing up everyone's holiday?

Credit to microsoft for warning us. Its time to start being cautious.

TaylorPosted:

So, is there going to be any update to this? Are they going to be sending emails or anything to let people know, or am I going to have to wait for another news article?

RepBanditPosted:

Good ol CC theft..
I am a hacker, never did I have a lot of dough

gtapro151Posted:

at least they found it and warned us now i know to take my cc off my account and not buy anything on live for the time being

KozmoTheMedicPosted:

Im still gonna be playing xbox n watching netflix before bed, idk if sony could say the sameee

HushPosted:

Atleast Microsoft is honest.

EternityPosted:

Silently giggling when I see people say "Glad I stopped playing Xbox" or "Good thing I switched to PS4. Sony doesn't do that anymore"

Microsoft has almost always had an exemplary record with account security and data breaches (or a lack thereof). They've told people it happened, giving those who will worry plenty of time to secure their accounts, and they also have said the private keys leaked are now invalid. Go ahead and read that last sentence again if you're still concerned.

An update will be out in very little time and It will be as though nothing had happened. Heck, it will probably just all be server side. It won't take them months to make new private keys, let alone the ones leaked are already invalid and can't be used. Honestly, from reading the first word to the last in the article, I never became worried for the security of my account. And I don't think anyone else should be worried either

KaaiPosted:

I think i would of felt a hunnid times better if i didn't know this..


Latest Downloads

Latest Tutorials