Tech content trusted by users in North America and around the world
7,248 Reviews & Articles | 52,581 News Posts

Microsoft's new security leak puts Xbox LIVE user data at risk

Microsoft accidentally jeopardizes Xbox LIVE user accounts by leaking a website security certificate
By: Derek Strickland | Gaming News | Posted: Dec 10, 2015 2:31 am

Thanks to a slip up at the hands of Microsoft, Xbox LIVE accounts accessed through the official Xbox LIVE website can now be hijacked on Windows 10 and Windows Phone platforms. The company has said that it's "not currently aware" of any reported suspicious activity, but warns users that their accounts may be at risk.




Microsoft reports that it "inadvertently disclosed" the private keys for sensitive security certificates, which hackers can use to acquire Xbox LIVE account information from Windows users. Armed with Xbox website's SSL/TLS digital certificates, hackers can prompt users to re-enter usernames and passwords on an insecure network. Be aware that this security measure doesn't affect Xbox 360 or Xbox One users directly, and is only limited to access to the Xbox LIVE mainsite.


"Microsoft is aware of an SSL/TLS digital certificate for * for which the private keys were inadvertently disclosed," reads the security warning. "The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue."


The notification notes that all modern versions of Windows including Windows 8, 8.1, 10 and Windows Phone platforms will be automatically updated with new certificate trust lists once Microsoft issues a fix. "To help protect customers from potentially fraudulent use of the SSL/TLS digital certificate, the certificate has been deemed no longer valid and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of the certificate."


For now you should avoid signing into mainsite and wait for the all-clear from Microsoft. We'll be sure to update this newspost once more information is released. If you're extra paranoid, you could even access your account information via console and remove any sensitive financial information such as credit cards and the like. Remember, once your account is compromised, hackers can rack up tons of debt with in-store purchases and completely compromise your bank account.


Related Tags

Got an opinion on this news? Post a comment below!
Subscribe to our Newsletter

Latest News Posts

View More News Posts
View Our Latest Videos

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases