Microsoft Login System Puts Millions Of Users At Risk Of Getting Hijacked

Israeli cybersecurity company CyberArk recently discovered a bug in the Microsoft login system which can potentially be used by hackers to gain access to users’ login information without catching the system’s attention.

The bug in question makes it possible for cybercriminals to steal one’s account tokens.

An account token can be understood as an access key of sorts, which allows a logged-in user to remain persistently logged in even when they exit a service. It is created when one picks the “remember me” or “keep me logged in” option on signing in.


How this bug makes the system insecure

CyberArk uncovered a number of unregistered subdomains across various Microsoft apps. A subdomain is simply an extension of one’s main website or domain name. For instance, a subdomain for abcwebsite.com would be store.abcwebsite.com. Its purpose is to make navigation to different parts of a website easier.

Thus, login tokens can be accessed or created by subdomains to make mobility within a service easy for the user. In most cases, users aren’t notified when this happens.

If an insecure subdomain falls into the hands of a cybercriminal, they can easily acquire user credentials, which in this case are login tokens.
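The risk described above, as an added example that is not code from CyberArk or Microsoft: the article does not specify the mechanism, so this assumes a service that decides which hosts may receive a login token by matching the parent domain, and contrasts that with an exact list of hosts the organisation actually controls. All hostnames are constructed; abcwebsite.com is the article's own illustrative domain.

```python
# Added illustration; hostnames and the trust rules are assumptions.
PARENT = "abcwebsite.com"

# Constructed inventory of hosts the organisation has registered and controls.
OWNED_HOSTS = {"abcwebsite.com", "store.abcwebsite.com", "login.abcwebsite.com"}


def normalize(host):
    """Lower-case the name and drop whitespace and a trailing root dot."""
    return host.strip().rstrip(".").lower()


def suffix_trust(host, parent=PARENT):
    """Weak rule: any name under the parent domain may receive the token."""
    host = normalize(host)
    return host == parent or host.endswith("." + parent)


def exact_trust(host, owned=OWNED_HOSTS):
    """Stricter rule: only hosts in the controlled inventory may receive it."""
    return normalize(host) in owned


def audit(candidates):
    """Hosts the weak rule trusts although the organisation does not control them."""
    return sorted(
        normalize(h) for h in candidates if suffix_trust(h) and not exact_trust(h)
    )


# Constructed hosts that might ask for, or be handed, a login token.
SAMPLE_HOSTS = [
    "store.abcwebsite.com",         # registered, trusted by both rules
    "Login.ABCwebsite.com.",        # same host as login.abcwebsite.com
    "old-promo.abcwebsite.com",     # unregistered subdomain, the risky case
    "abcwebsite.com.evil.example",  # parent name used as a prefix only
    "notabcwebsite.com",            # look-alike without a label boundary
]

if __name__ == "__main__":
    for host in audit(SAMPLE_HOSTS):
        print("trusted by suffix rule but not controlled:", host)
```

Running the same comparison against a real inventory shows which names a parent-domain rule is vouching for without anyone owning them.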

Microsoft offers a range of services, both for personal and official purposes. Thus, sensitive information of millions of users is stored in the Microsoft systems. One of Microsoft’s most popular services, Microsoft Office 365, has approximately 34.8 million subscribers worldwide. That number alone sheds light on the seriousness of having such a bug in its system.

Similar blunders in the past

It seems that Microsoft is especially prone to token-related bugs.


An article by TechCrunch posted late last year dealt with a very similar issue in Microsoft’s system.

An Indian bug hunter discovered a poorly configured subdomain in the Microsoft Office system and was easily able to trick the system into giving him access to login tokens and other data sent to it. The bug hunter, Sahad Nk, also shared how this was possible, here.

User privacy compromised often in Microsoft services

In August this year, Microsoft was found listening in on calls recorded through Skype’s translation service. The gist of the news was that contractors hired by Microsoft to improve Skype’s translations were asked to listen to snippets of calls to provide the best possible translations for them, to train the system’s algorithm. One of the contractors testified to the sensitivity and private nature of some of these snippets.

In July, researchers raised the concern of malicious advertisements popping up on Windows 10.

In 2018, as part of the Zero Day Initiative, it was discovered that Microsoft’s year-over-year increase in bug reports reached 120%. However, some experts also saw this as a sign of Microsoft’s seriousness about making its system as secure as possible.

An article by GNU.org also lists a number of other problems in the Microsoft systems such as a universal backdoor, a general proneness to bugs, insecure apps, and forceful imposition of updates and ads on users.

Increasing awareness of such instances, as well as certain competition-squashing activities by Microsoft, has made users more cautious. The tech giant is at a turning point in its history, with its venture to shift its focus from Windows to perfecting a Microsoft mobile phone. Coupled with the general increase in data breaches, it is important that Microsoft maintains a stable level of user safety and trust.
