Microsoft Login System Puts Millions Of Users At Risk Of Getting Hijacked

Israeli cybersecurity company CyberArk recently discovered a bug in the Microsoft login system which can potentially be used by hackers to gain access to users’ login information without catching the system’s attention.

The bug in question makes it possible for cybercriminals to steal one’s account tokens.

An account token can be understood as an access key of sorts, which allows a logged-in user to remain persistently logged in even when they exit a service. It is created when one picks the “remember me” or “keep me logged in” option on signing in.

How this bug makes the system insecure

CyberArk uncovered a number of unregistered subdomains on various Microsoft apps. A subdomain is simply an extension of one’s main website or domain name. For instance, a subdomain for abcwebsite.com would be store.abcwebsite.com. Its purpose is to make navigation to different parts of a website easier.

Thus, login tokens can be accessed or created by subdomains to make mobility within a service easy for the user. In most cases, users aren’t notified when this happens.

If an insecure subdomain falls into the hands of a cybercriminal, they can easily acquire user credentials, in this case login tokens.
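A defender's check for the situation described above, as an added example that is not code from CyberArk, Microsoft or the original article: it audits the hostnames a login service trusts with tokens against the organisation's DNS zone and hosting inventory, and flags names that are unregistered, dangling or wildcarded. The allowlist, zone records, inventory and function names are all constructed for illustration.

```python
# Added example. Every hostname, record and inventory entry is constructed.

# Hostnames the login service is assumed to hand tokens to (hypothetical allowlist).
TRUSTED_TOKEN_HOSTS = [
    "login.abcwebsite.com", "store.abcwebsite.com", "promo.abcwebsite.com",
    "legacy.abcwebsite.com", "*.apps.abcwebsite.com",
]

# Constructed DNS zone export: name -> (record type, value).
ZONE = {
    "login.abcwebsite.com": ("A", "203.0.113.10"),
    "store.abcwebsite.com": ("CNAME", "shop.abcwebsite.com"),
    "shop.abcwebsite.com": ("CNAME", "abc-store.hosting.example"),
    "promo.abcwebsite.com": ("CNAME", "abc-promo.hosting.example"),
}

# Constructed inventory of third-party hosting names the organisation still owns.
OWNED_RESOURCES = {"abc-store.hosting.example"}

def norm(name):
    """Lower-case a hostname and drop a trailing root dot."""
    return name.lower().rstrip(".")

def classify(host, zone, owned):
    """Return 'ok', 'wildcard', 'unregistered', 'dangling' or 'loop'."""
    host = norm(host)
    if host.startswith("*."):
        return "wildcard"        # trusts names that may not exist yet
    if host not in zone:
        return "unregistered"    # trusted, but the organisation holds no record
    seen = set()
    while host in zone:          # follow CNAME chains inside our own zone
        if host in seen:
            return "loop"
        seen.add(host)
        rtype, value = zone[host]
        if rtype != "CNAME":
            return "ok"          # chain ends in an address record we control
        host = norm(value)
    # Chain left the zone: safe only if the target is a resource we still own.
    return "ok" if host in owned else "dangling"

def audit(trusted, zone, owned):
    """Map each risky trusted host to the reason it is risky."""
    results = {h: classify(h, zone, owned) for h in trusted}
    return {h: r for h, r in results.items() if r != "ok"}
```

Any host this audit reports should either be removed from the token allowlist or brought back under the organisation's control before it is trusted again.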

Microsoft offers a range of services, both for personal and official purposes. Thus, sensitive information of millions of users is stored in the Microsoft systems. One of Microsoft’s most popular services, Microsoft Office 365, has approximately 34.8 million subscribers worldwide. That number alone sheds light on the seriousness of having such a bug in its system.

Similar blunders in the past

It seems that Microsoft is especially prone to token-related bugs.

An article by TechCrunch posted late last year dealt with a very similar issue in Microsoft’s system.

An Indian bug hunter discovered a poorly configured subdomain in the Microsoft Office system and was easily able to trick the system into giving him access to login tokens and other data sent to it. The bug hunter, Sahad Nk, also shared how this was possible.

User privacy compromised often in Microsoft services

In August this year, Microsoft was found listening in on calls recorded through Skype’s translation service. The gist of the news was that contractors hired by Microsoft to improve Skype’s translations were asked to listen to snippets of calls to provide the best possible translations for them, to train the system’s algorithm. One of the contractors testified to the sensitivity and private nature of some of these snippets.

In July, researchers raised the concern of malicious advertisements popping up on Windows 10.

In 2018, as part of the Zero Day Initiative, it was discovered that Microsoft’s year-over-year increase in bug reports reached 120%. However, some experts also saw this as a sign of Microsoft’s seriousness about making its system as secure as possible.

An article by GNU.org also lists a number of other problems in the Microsoft systems such as a universal backdoor, a general proneness to bugs, insecure apps, and forceful imposition of updates and ads on users.

Increasing awareness of such instances, as well as certain competition-squashing activities by Microsoft, has made users more cautious. The tech giant is at a turning point in its history, with its venture to shift its focus from Windows to perfecting a Microsoft mobile phone. Coupled with the general increase in data breaches, it is important that Microsoft maintains a stable level of user safety and trust.
