"A Bug in Microsoft’s Login System Put Users at Risk of Account Hijacks"

Security researchers at CyberArk discovered a vulnerability in Microsoft's login system that could have allowed attackers to hijack users' accounts. According to the researchers, attackers could have exploited the bug to steal account tokens, which websites and apps grant to users so that they can access their accounts without re-entering their passwords. The researchers found unregistered subdomains linked to some highly trusted apps developed by Microsoft, which could be used to generate access tokens. Once an unsuspecting victim clicks on a malicious link contained in an email or on a website, their account token is stolen. This article continues to discuss the bug found in Microsoft's login system, what exploitation of the bug could have allowed attackers to do, and how Microsoft responded to the discovery.

TechCrunch reports: "A Bug in Microsoft’s Login System Put Users at Risk of Account Hijacks"

Submitted by Anonymous on