Kerala Security Expert, Who Spotted Microsoft Bug Which Left 400 Million Accounts Vulnerable, Rewarded

A Kerala-based techie and fellow researcher had found a series of vulnerabilities that could lead hackers accessing data of 400 million Microsoft accounts of Microsoft Outlook and Office 365.

Microsoft awarded Sahad NK, who is a security researcher at Safetydetective.com and colleague Paulos Yibelo with an undisclosed bounty for the discovery.

"Immediately after finding these vulnerabilities, we contacted Microsoft via their responsible disclosure programme and started working with them," said Sahad.

The bugs, which were reported earlier in June, were fixed by November end.

The proof of existing vulnerability was only made for Microsoft Outlook and Microsoft Sway but expected that it would have affected other accounts such as Microsoft store.

The security expert also discovered that the subdomain 'success.office.com' was misconfigured. He also found a bug in Microsoft Office, Store and Sway products

A string of bugs, when chained together just with a click of a link, an attacker can gain access to a Microsoft account.

A leading technology blog, TechCrunch, said, "Anyone's Office account, even enterprise and corporate accounts, including their email, documents and other files, could have been easily accessed by a malicious attacker, and it would have been near-impossible to discern from a legitimate user".

Sahad also won a bounty from Facebook for discovering a bug last year.