
Microsoft's new security leak puts Xbox LIVE user data at risk

Microsoft accidentally jeopardizes Xbox LIVE user accounts by leaking a website security certificate

By Derek Strickland from Dec 9, 2015 @ 20:31 CST

Thanks to a slip-up by Microsoft, Xbox LIVE accounts accessed through the official Xbox LIVE website can now be hijacked on Windows 10 and Windows Phone platforms. The company has said that it's "not currently aware" of any reported suspicious activity, but warns users that their accounts may be at risk.


Microsoft reports that it "inadvertently disclosed" the private keys for sensitive security certificates, which hackers can use to acquire Xbox LIVE account information from Windows users. Armed with the private keys for the Xbox website's SSL/TLS digital certificates, hackers can prompt users on an insecure network to re-enter usernames and passwords. Be aware that this security issue doesn't affect Xbox 360 or Xbox One users directly; it is limited to access to the Xbox LIVE main site.

"Microsoft is aware of an SSL/TLS digital certificate for * for which the private keys were inadvertently disclosed," reads the security warning. "The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue."

The notification notes that all modern versions of Windows including Windows 8, 8.1, 10 and Windows Phone platforms will be automatically updated with new certificate trust lists once Microsoft issues a fix. "To help protect customers from potentially fraudulent use of the SSL/TLS digital certificate, the certificate has been deemed no longer valid and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of the certificate."

For now, you should avoid signing in to the main site and wait for the all-clear from Microsoft. We'll be sure to update this news post once more information is released. If you're extra paranoid, you could even access your account information via console and remove any sensitive financial information such as credit cards and the like. Remember, once your account is compromised, hackers can rack up tons of debt with in-store purchases and completely compromise your bank account.

