Microsoft Login System Puts Millions Of Users At Risk Of Getting Hijacked

Israeli cybersecurity company CyberArk recently discovered a bug in the Microsoft login system that hackers could potentially use to gain access to users’ login information without the system noticing.

The bug in question makes it possible for cybercriminals to steal one’s account tokens.

An account token can be understood as an access key of sorts, which allows a user to remain logged in even after they exit a service. It is created when one picks the “remember me” or “keep me logged in” option on signing in.

How this bug makes the system insecure

CyberArk uncovered a number of unregistered subdomains across various Microsoft apps. A subdomain is simply an extension of one’s main website or domain name. For instance, a subdomain for abcwebsite.com would be store.abcwebsite.com. Its purpose is to make navigation to different parts of a website easier.

Subdomains can access or create login tokens so that the user can move easily within a service. In most cases, users aren’t notified when this happens.

If an insecure subdomain falls into the hands of a cybercriminal, they can easily acquire user credentials, which in this case are login tokens.
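The trust problem described above can be checked for from the defender's side. The following is an added example, not code from CyberArk or Microsoft: it contrasts a login service that hands tokens to any subdomain with one that only trusts registered hosts, and audits a trust list for risky entries. The host inventory, the trust list and all function names are constructed for illustration, using the article's abcwebsite.com example domain.

```python
from urllib.parse import urlsplit

# Constructed inventory: subdomains of the article's example domain that are
# actually registered and under the owner's control.
REGISTERED_HOSTS = {"store.abcwebsite.com", "account.abcwebsite.com"}

# Constructed list of places the login service is configured to send tokens.
TRUSTED_REDIRECTS = [
    "https://store.abcwebsite.com/signin",
    "https://promo.abcwebsite.com/signin",   # trusted but never registered
    "https://*.abcwebsite.com/signin",       # wildcard: trusts every subdomain
]


def _host(url):
    """Lower-cased hostname of a URL, or an empty string if there is none."""
    return (urlsplit(url).hostname or "").lower()


def weak_is_trusted(url):
    """Weak check: any subdomain of the main domain may receive a token."""
    return _host(url).endswith(".abcwebsite.com")


def strict_is_trusted(url, registered=REGISTERED_HOSTS):
    """Hardened check: the host must exactly match a registered subdomain."""
    return _host(url) in registered


def audit(trusted=TRUSTED_REDIRECTS, registered=REGISTERED_HOSTS):
    """Return (url, reason) for every trust entry that could leak a token."""
    findings = []
    for url in trusted:
        host = _host(url)
        if "*" in host:
            findings.append((url, "wildcard"))
        elif host not in registered:
            findings.append((url, "unregistered"))
    return findings


if __name__ == "__main__":
    for url, reason in audit():
        print(f"{reason:13} {url}")
```
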

Microsoft offers a range of services, both for personal and official purposes. Thus, sensitive information of millions of users is stored in Microsoft’s systems. One of Microsoft’s most popular services, Microsoft Office 365, has approximately 34.8 million subscribers worldwide. That number alone sheds light on the seriousness of having such a bug in its system.

Similar blunders in the past

It seems that Microsoft is especially prone to token-related bugs.

An article by TechCrunch posted late last year dealt with a very similar issue in Microsoft’s system.

An Indian bug hunter discovered a poorly configured subdomain in the Microsoft Office system and was easily able to trick the system into giving him access to login tokens and other data sent to it. The bug hunter, Sahad Nk, also shared how this was possible.

User privacy compromised often in Microsoft services

In August this year, Microsoft was found listening in on calls recorded through Skype’s translation service. The gist of the news was that contractors hired by Microsoft to improve Skype’s translations were asked to listen to snippets of calls to provide the best possible translations for them, to train the system’s algorithm. One of the contractors testified to the sensitivity and private nature of some of these snippets.

In July, researchers raised the concern of malicious advertisements popping up on Windows 10.

In 2018, as part of the Zero Day Initiative, it was discovered that Microsoft’s year-over-year increase in bug reports reached 120%. However, some experts also saw this as a sign of Microsoft’s seriousness about making its system as secure as possible.

An article by GNU.org also lists a number of other problems in the Microsoft systems such as a universal backdoor, a general proneness to bugs, insecure apps, and forceful imposition of updates and ads on users.

Increasing awareness of such instances, as well as certain competition-squashing activities by Microsoft, has made users more cautious. The tech giant is at a turning point in its history, with its venture to shift its focus from Windows to perfecting a Microsoft mobile phone. Coupled with the general increase in data breaches, it is important that Microsoft maintains a stable level of user safety and trust.
