Microsoft Login System Puts Millions Of Users At Risk Of Getting Hijacked


Israeli cybersecurity company CyberArk recently discovered a bug in the Microsoft login system which can potentially be used by hackers to gain access to users’ login information without catching the system’s attention.

The bug in question makes it possible for cybercriminals to steal one’s account tokens.

An account token can be understood as an access key of sorts, which allows a logged-in user to remain persistently logged in even when they exit a service. It is created when one picks the “remember me” or “keep me logged in” option on signing in.

How this bug makes the system insecure

CyberArk uncovered a number of unregistered subdomains across various Microsoft apps. A subdomain is simply an extension of one’s main website or domain name. For instance, a subdomain for abcwebsite.com would be store.abcwebsite.com. Its purpose is to make navigation to different parts of a website easier.

Thus, login tokens can be accessed or created by subdomains to make mobility within a service easy for the user. In most cases, users aren’t notified when this happens.

If an insecure subdomain falls into the hands of a cybercriminal, they can easily acquire user credentials, login tokens in this case.
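A defender can check for this condition by comparing the hosts a login service trusts with tokens against the DNS records the organisation actually holds. The sketch below is an added example, not code from CyberArk or Microsoft; every hostname, record and function name in it is constructed for illustration, and it goes slightly beyond the article by also flagging aliases that point at hosting the organisation no longer controls and wildcard trust entries.

```python
# Added example: audit token-trusted hosts against a DNS inventory.
# All hostnames, records and helper names are constructed for illustration.

# Hosts (or patterns) the login service is willing to hand tokens to.
TRUSTED_TOKEN_HOSTS = [
    "store.abcwebsite.com",
    "mail.abcwebsite.com",
    "promo.abcwebsite.com",
    "*.apps.abcwebsite.com",
]

# DNS inventory: name -> (record type, value). A missing name is unregistered.
DNS_INVENTORY = {
    "store.abcwebsite.com": ("CNAME", "abc-store.hosting.example"),
    "mail.abcwebsite.com": ("CNAME", "abc-mail.hosting.example"),
    # promo.abcwebsite.com has no record: trusted but unregistered
}

# Hosting targets the organisation still controls.
CLAIMED_TARGETS = {"abc-store.hosting.example"}


def classify(host, inventory, claimed):
    """Return a finding for one host that the login service trusts with tokens."""
    host = host.lower().rstrip(".")
    if "*" in host:
        # A pattern trusts names that cannot be enumerated or individually registered.
        return "wildcard"
    record = inventory.get(host)
    if record is None:
        # Trusted by the login flow, but nobody in the organisation owns the name.
        return "unregistered"
    rtype, value = record
    if rtype == "CNAME" and value.lower().rstrip(".") not in claimed:
        # The name exists but points at hosting the organisation no longer controls.
        return "dangling"
    return "ok"


def audit(trusted, inventory, claimed):
    """Return only the trusted hosts that need attention, with the reason."""
    findings = {h: classify(h, inventory, claimed) for h in trusted}
    return {h: f for h, f in findings.items() if f != "ok"}


if __name__ == "__main__":
    for host, finding in audit(TRUSTED_TOKEN_HOSTS, DNS_INVENTORY, CLAIMED_TARGETS).items():
        print(f"{finding:13} {host}")
```

Each flagged entry should either be removed from the trust list or registered and claimed by the organisation before tokens are allowed to reach it.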

Microsoft offers a range of services, both for personal and official purposes. Thus, sensitive information of millions of users is stored in the Microsoft systems. One of Microsoft’s most popular services, Microsoft Office 365, has approximately 34.8 million subscribers worldwide. That number alone sheds light on the seriousness of having such a bug in its system.

Similar blunders in the past

It seems that Microsoft is especially prone to token-related bugs.

An article by TechCrunch posted late last year dealt with a very similar issue in Microsoft’s system.

An Indian bug hunter discovered a poorly configured subdomain in the Microsoft Office system and was easily able to trick the system into giving him access to login tokens and other data sent to it. The bug hunter, Sahad Nk, also shared how this was possible.

User privacy compromised often in Microsoft services

In August this year, Microsoft was found listening in on calls recorded through Skype’s translation service. The gist of the news was that contractors hired by Microsoft to improve Skype’s translations were asked to listen to snippets of calls to provide the best possible translations for them, to train the system’s algorithm. One of the contractors testified to the sensitivity and private nature of some of these snippets.

In July, researchers raised concerns about malicious advertisements popping up on Windows 10.

In 2018, as part of the Zero Day Initiative, it was discovered that Microsoft’s year-over-year increase in bug reports reached 120%. However, some experts also saw this as a sign of Microsoft’s seriousness about making its system as secure as possible.

An article by GNU.org also lists a number of other problems in the Microsoft systems such as a universal backdoor, a general proneness to bugs, insecure apps, and forceful imposition of updates and ads on users.

Increasing awareness of such instances, as well as certain competition-squashing activities by Microsoft, has made users more cautious. The tech giant is at a turning point in its history, with its venture to shift its focus from Windows to perfecting a Microsoft mobile phone. Coupled with the general increase in data breaches, it is important that Microsoft maintains a stable level of user safety and trust.
