Insta
Kerala Security Expert, Who Spotted Microsoft Bug Which Left 400 Million Accounts Vulnerable, Rewarded
Swarajya Staff
Dec 13, 2018, 01:44 PM | Updated 01:44 PM IST
Save & read from anywhere!
Bookmark stories for easy access on any device or the Swarajya app.
A Kerala-based techie and fellow researcher had found a series of vulnerabilities that could lead hackers accessing data of 400 million Microsoft accounts of Microsoft Outlook and Office 365.
Microsoft awarded Sahad NK, who is a security researcher at Safetydetective.com and colleague Paulos Yibelo with an undisclosed bounty for the discovery.
"Immediately after finding these vulnerabilities, we contacted Microsoft via their responsible disclosure programme and started working with them," said Sahad.
The bugs, which were reported earlier in June, were fixed by November end.
The proof of existing vulnerability was only made for Microsoft Outlook and Microsoft Sway but expected that it would have affected other accounts such as Microsoft store.
The security expert also discovered that the subdomain 'success.office.com' was misconfigured. He also found a bug in Microsoft Office, Store and Sway products
A string of bugs, when chained together just with a click of a link, an attacker can gain access to a Microsoft account.
A leading technology blog, TechCrunch, said, "Anyone's Office account, even enterprise and corporate accounts, including their email, documents and other files, could have been easily accessed by a malicious attacker, and it would have been near-impossible to discern from a legitimate user".
Sahad also won a bounty from Facebook for discovering a bug last year.
Save & read from anywhere!
Bookmark stories for easy access on any device or the Swarajya app.
Support Swarajya's 50 Ground Reports Project & Sponsor A Story
Every general election Swarajya does a 50 ground reports project.
Aimed only at serious readers and those who appreciate the nuances of political undercurrents, the project provides a sense of India's electoral landscape. As you know, these reports are produced after considerable investment of travel, time and effort on the ground.
This time too we've kicked off the project in style and have covered over 30 constituencies already. If you're someone who appreciates such work and have enjoyed our coverage please consider sponsoring a ground report for just Rs 2999 to Rs 19,999 - it goes a long way in helping us produce more quality reportage.
You can also back this project by becoming a subscriber for as little as Rs 999 - so do click on this links and choose a plan that suits you and back us.
Click below to contribute.