Xbox Live Bug Allowed Hackers To Reveal Anyone's Email Address

It's been revealed that a flaw in Xbox Live has been allowing hackers to retrieve the email addresses of anyone's Xbox gamertag, although Microsoft has now patched and seemingly played down the issue.

As reported by Motherboard, a hacker got in touch with the outlet recently to make them aware of the problem, and reportedly proved its existence with two gamertags - sending back the associated email address within seconds. A second hacker told the outlet that the bug was located in the Xbox Live enforcement portal.

In response, Microsoft patched the bug last week, but also sent an email to the outlet before doing so, seemingly playing down the concern by suggesting it wasn't considered to be a major security risk.

"We received multiple reports regarding this and have informed the appropriate team about the issue and will let them address this as needed. An email may be considered sensitive information, however, since it provides nothing else to identify the issuer, is not something that meets MSRC bar for service. As such, MSRC is not tracking the issue and will leave it to the product group to determine a mitigation as needed."

This response was sent on the Monday, and the issue was patched on the Tuesday.

According to Motherboard, the hacker who contacted the outlet only asked for the article to be published after Microsoft had fixed the issue due to it being the "easiest vulnerability I've ever found", reportedly stating that if the article was published before the problem had been patched, it would have been discovered within 2-3 minutes.

What are your thoughts on this? Let us know down in the comments section below.

[source vice.com]