A bug in Xbox Live allowed hackers to find the email addresses associated with registered gamertags. The site used to report malicious behavior in the Xbox online community contained a vulnerability that allowed hackers to steal a user’s email address.
Last week, an anonymous hacker contacted Motherboard claiming they could find the email address attached to an Xbox gamertag. Motherboard validated the hacker’s claim by sending two gamertags, one of which was created specifically for this test. Within seconds, the hacker sent back the email addresses with which these tags were registered. Generally, these email addresses are assumed to be private. Another anonymous hacker told Motherboard that the bug could be found at. This page allows players to contact the Microsoft team that monitors the Xbox online community.
Despite the obvious threat to customer security, Microsoft’s initial response to this security breach showed little urgency. In an email reply to Motherboard’s bug report, the Microsoft Security Response Center (MSRC for short) said: “Email may be considered sensitive information, but because there is nothing else to identify the issuer, MSRC is not tracking the issue and will determine mitigation measures if necessary. Leave it to the product group.”
But on Tuesday, a Microsoft spokeswoman confirmed that it had “released an update to protect its customers.” One of the anonymous hackers who contacted Motherboard described the leak as “the easiest vulnerability I’ve ever found” and specifically requested that the report not be published until it was fixed. It is important to ensure that such precautions are taken, even for information regarded as not very sensitive, such as email addresses. There is precedent for hackers using this type of vulnerability to dox people, as when they used a similar bug in Instagram in 2017 to create a searchable database for doxing celebrities.