Microsoft Login System Puts Millions Of Users At Risk Of Getting Hijacked

Israeli cybersecurity company CyberArk recently discovered a bug in the Microsoft login system which can potentially be used by hackers to gain access to users’ login information without catching the system’s attention.

The bug in question makes it possible for cybercriminals to steal one’s account tokens.

Account tokens can be understood as access keys of sorts, which allow a logged-in user to remain persistently logged in even when they exit a service. A token is created when one picks the “remember me” or “keep me logged in” option when signing in.

How this bug makes the system insecure

CyberArk uncovered a number of unregistered subdomains across various Microsoft apps. A subdomain is simply an extension of one’s main website or domain name. For instance, a subdomain for abcwebsite.com would be store.abcwebsite.com. Its purpose is to make navigation to different parts of a website easier.

Thus, login tokens can be accessed or created by subdomains to make mobility within a service easy for the user. In most cases, users aren’t notified when this happens.

If an insecure subdomain falls into the hands of a cybercriminal, they can easily acquire user credentials, which in this case means login tokens.
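A defender can look for this condition by comparing the hostnames trusted to receive login tokens against what DNS actually says about them. The Python example below is added here and is not CyberArk's or Microsoft's code; the zone snapshot, the allow-list and every hostname other than the article's abcwebsite.com are constructed for illustration, and the snapshot is assumed to include lookup results for external CNAME targets.

```python
# Constructed sample data: a DNS snapshot (name -> records) and the list of
# hostnames that the login system trusts to receive tokens.
DNS_SNAPSHOT = {
    "store.abcwebsite.com": [("A", "203.0.113.10")],
    "login.abcwebsite.com": [("CNAME", "idp.abcwebsite.com")],
    "idp.abcwebsite.com": [("A", "203.0.113.20")],
    # CNAME to a hosting name that no longer exists (absent from the snapshot)
    "promo.abcwebsite.com": [("CNAME", "abc-promo.hosting.example")],
    "a.abcwebsite.com": [("CNAME", "b.abcwebsite.com")],
    "b.abcwebsite.com": [("CNAME", "a.abcwebsite.com")],
}
TOKEN_TRUSTED = [
    "store.abcwebsite.com", "login.abcwebsite.com", "promo.abcwebsite.com",
    "beta.abcwebsite.com",  # trusted, but never registered in DNS
    "a.abcwebsite.com",
]


def classify(host, snapshot, max_depth=8):
    """Return 'ok', 'unregistered', 'dangling', 'loop' or 'too-deep'."""
    name = host.lower().rstrip(".")
    if name not in snapshot:
        return "unregistered"          # trusted name with no DNS record at all
    seen = set()
    while len(seen) < max_depth:
        if name in seen:
            return "loop"              # CNAME chain points back at itself
        seen.add(name)
        records = snapshot.get(name)
        if not records:
            return "dangling"          # chain ends at a name nobody holds
        cname = next((v for t, v in records if t == "CNAME"), None)
        if cname is None:
            return "ok"                # chain ends at an address record
        name = cname.lower().rstrip(".")
    return "too-deep"


def audit(trusted, snapshot):
    """Map every trusted host that is not cleanly resolvable to its status."""
    findings = {h: classify(h, snapshot) for h in trusted}
    return {h: s for h, s in findings.items() if s != "ok"}


if __name__ == "__main__":
    for host, status in audit(TOKEN_TRUSTED, DNS_SNAPSHOT).items():
        print(f"{status:13} {host}")
```

Any host this reports should be removed from the token allow-list or re-registered before it can be claimed by someone else.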

Microsoft offers a range of services, both for personal and official purposes. Thus, sensitive information of millions of users is stored in the Microsoft systems. One of Microsoft’s most popular services, Microsoft Office 365, has approximately 34.8 million subscribers worldwide. That number alone sheds light on the seriousness of having such a bug in its system.

Similar blunders in the past

It seems that Microsoft is especially prone to token-related bugs.

An article by TechCrunch posted late last year dealt with a very similar issue in Microsoft’s system.

An Indian bug hunter discovered a poorly configured subdomain in the Microsoft Office system and was easily able to trick the system into giving him access to login tokens and other data sent to it. The bug hunter, Sahad Nk, also shared how this was possible.

User privacy compromised often in Microsoft services

In August this year, Microsoft was found listening in on calls recorded through Skype’s translation service. The gist of the news was that contractors hired by Microsoft to improve Skype’s translations were asked to listen to snippets of calls to provide the best possible translations for them, to train the system’s algorithm. One of the contractors testified to the sensitivity and private nature of some of these snippets.

In July, researchers raised concerns about malicious advertisements popping up on Windows 10.

In 2018, as part of the Zero Day Initiative, it was discovered that Microsoft’s year-over-year increase in bug reports reached 120%. However, some experts also saw this as a sign of Microsoft’s seriousness about making its system as secure as possible.

An article by GNU.org also lists a number of other problems in the Microsoft systems such as a universal backdoor, a general proneness to bugs, insecure apps, and forceful imposition of updates and ads on users.

Increasing awareness of such instances, as well as certain competition-squashing activities by Microsoft, has made users more cautious. The tech giant is at a turning point in its history, with its venture to shift its focus from Windows to perfecting a Microsoft mobile phone. Coupled with the general increase in data breaches, it is important that Microsoft maintains a stable level of user safety and trust.
