A recent security patch has been released by Microsoft to attend an allegedly a Zero-Day vulnerability found on Xbox Gamertag ID. The Gamertag is a sort of identification in the Xbox community use to report other gamers that may have violated the community policy to Microsoft for proper sanctioning. As their official statement, Microsoft Security Response Center or MSRC said to release this patch as part of their commitment with the Xbox community to protect the security of every member. Later the issue was confirmed to the vulnerability that a hacker can exploit to obtain the email address that is tied to Xbox Gamertag used to register their account.
In-depth controversy about the patch revealed that Microsoft timely released was after a bug report has been received from an ethical hacker group called Motherboard.
The group confirmed that they are not the ones who discovered the flaw but have received a report from another concerned hacker who performed a live demonstration of the said Xbox Live vulnerability to showcase the authenticity of the story.
According to Motherboard, confirming the hacker report, they simulate and create a new Gamertag. Within a few seconds, the hacker was able to reply to them with the email addresses that are tied to the new account created on Xbox. Upon completing and confirming the authenticity of the vulnerability found on the Xbox Live Enforcement program, Motherboard immediately contacted Microsoft and provide the complete report. After that, the patch has been created and immediately released to the Xbox community.
Further in the report confirmed that this issue has already been ongoing with the Xbox Gamertag account. Still, Motherboard is unable to confirm the extent of possible damage this vulnerability may have been done on the community. Motherboard confirmed that they have already received a similar but were unable to verify the authenticity before.
In another official statement from Microsoft confirmed that they appreciate the report though they are not treating it as critical. It is confirmed that they have already received numerous reports on the issue. Now the designated team has already been on the lookout for this issue.
On the contrary, many cybersecurity experts see this issue as a critical one as this can result in many possibilities of malicious activity. Email addresses are considered sensitive information that every company that asked for this information must ensure its storage as hackers can exploit this and do fatal damage to the company and its customers. Citing the evidence happened in 2017, wherein email addresses tied to Instagram account have been compromised and later created chaos within the IG community.
Fortunately, the reported vulnerability has already been addressed even before this report has been sensationalized as this may have given time to other malicious hackers to further exploit it. In which the concerned hacker initially requested to Motherboard to lessen the possible impact of the report.