Xbox Bug That Could Have Leaked Actual User Email IDs Through Gamer Tag Patched by Microsoft: Report


Products You May Like

Microsoft has reportedly patched a bug in an Xbox website that could have potentially exposed users’ real email addresses associated to their Xbox gamer tags. This vulnerability was reported to the company through its bug bounty programme and has since been fixed. The findings for the bug that was reportedly found on were shared with an online publication earlier this week. The report explains that an Xbox user ID (XUID) field was unencrypted on

According to a report by ZDNet, the bug in was spotted by Joseph “Doc” Harris and a team of security researchers. The website,, allows Xbox users to view strikes against their profile, as well as file appeals if in case they feel the strike is unfair. It was found that after a user logs in to the website, it creates a cookie file with details of the web session in their browser. This cookie file included an unencrypted Xbox user ID (XUID) field.

Harris was able to use standard browser tools to edit the XUID field and replace it with the XUID of a test account he had created for the Xbox bug bounty programme. Once he replaced the value and refreshed the page, emails of other users were visible. Check out the video by Harris detailing the same.

It was noted that other subdomains were not affected by this bug. The report states that Microsoft patched this bug last month and encrypted the XUID. It was a server-side fix and a Microsoft spokesperson told ZDNet that users do not need to do anything. Additionally, while the bug was not covered under the company’s bug bounty programme, it featured Harris as a contributor in its Bug Bounty Hall of Fame. However, there was no monetary reward.

The bug had the potential to leak actual email IDs to hackers which could then be used for malicious purposes. What’s alarming is that no special tool was required to get access to other user’s email ID.

Which is the best TV under Rs. 25,000? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Affiliate links may be automatically generated – see our ethics statement for details.

Products You May Like

Articles You May Like

Bitzlato Crypto Exchange Founder Arrested for Aiding Cybercriminals
Ex-Genesis execs claimed they raised millions for crypto hedge fund just as former company neared bankruptcy
Microsoft Says Q4 2022 Sales Slowed, Profits Slumped as Cloud Computing Revenue Sees Growth
Poco X5 Pro 5G Price in India Leaked, Could Launch on February 6: Report
Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud

Leave a Reply

Your email address will not be published. Required fields are marked *