Thanks to a slip up at the hands of Microsoft, Xbox LIVE accounts accessed through the official Xbox LIVE website can now be hijacked on Windows 10 and Windows Phone platforms. The company has said that it's "not currently aware" of any reported suspicious activity, but warns users that their accounts may be at risk.
Microsoft reports that it "inadvertently disclosed" the private keys for sensitive security certificates, which hackers can use to acquire Xbox LIVE account information from Windows users. Armed with Xbox website's SSL/TLS digital certificates, hackers can prompt users to re-enter usernames and passwords on an insecure network. Be aware that this security measure doesn't affect Xbox 360 or Xbox One users directly, and is only limited to access to the Xbox LIVE mainsite.
"Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed," reads the security warning. "The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue."
The notification notes that all modern versions of Windows including Windows 8, 8.1, 10 and Windows Phone platforms will be automatically updated with new certificate trust lists once Microsoft issues a fix. "To help protect customers from potentially fraudulent use of the SSL/TLS digital certificate, the certificate has been deemed no longer valid and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of the certificate."
For now you should avoid signing into Xbox.com mainsite and wait for the all-clear from Microsoft. We'll be sure to update this newspost once more information is released. If you're extra paranoid, you could even access your account information via console and remove any sensitive financial information such as credit cards and the like. Remember, once your account is compromised, hackers can rack up tons of debt with in-store purchases and completely compromise your bank account.
GPU price war intensifies: AMD RX 7900 XT and NVIDIA RTX 4070 Ti Super have never been cheaper
Fallout 76 broke its all-time player count record on Steam thanks to the Fallout TV show
GIGABYTE unveils XTREME Prestige Limited Edition AORUS Z790 motherboard and RTX 4080 SUPER
PlayStation 5 Pro release window has a major issue no one is talking about
Acer Predator Z57 Mini LED 57-inch dual 4K ultrawide beast will launch for $1,999
NuPhy Air96 V2 Wireless Mechanical Keyboard Review
TEAM T-FORCE Siren DUO360 RGB Liquid CPU Cooler Review
AVerMedia Live Streamer ULTRA HD Review
AVerMedia Live Gamer 4K 2.1 Review
XPG Invader X Mid-Tower Chassis Review
Intel Core i9-14900KS CPU Review
Arbiter Polar 65 Magnetic Gaming Keyboard Review
ASUS ROG Falchion RX Low Profile Keyboard Review
MSI MPG 321URX QD-OLED Gaming Monitor Review - 4K gaming at its best
UGREEN NASync DXP480T All-Flash NAS Review
Everything you need to know about the latest ASUS NUC Mini PCs - NUC 14 Pro and ROG NUC
How to Overclock Your GPU and Boost Your PC Gaming with ASUS GPU Tweak III
ASUS's AMD Radeon RX 7000 Series GPU lineup has something for every gamer
ASUS OLED Premium Care defends the ROG Swift OLED PG32UCDM gaming monitor from burn-in
Patriot Viper Xtreme 5 Engineering Prototype 48GB Dual-Channel Memory Kit Preview