A White Hacker From Kerala Saved 40 Crore Microsoft Users From Vulnerabilities

Jyotis - Dec 14, 2018



What made the bug most dangerous was that the victims would have had no awareness of their real situation.

Finding vulnerabilities and keeping users safe is a top priority for prominent tech companies like Microsoft and Google. That is why they offer attractive cash incentives and bug bounties to those who detect bugs in their software.


Recently, Sahad NK, a security engineer from Kerala, won a reward under Microsoft's bug bounty program after finding vulnerabilities in code that exposed users of Microsoft Store, Office 365, and Microsoft Outlook to dangerous attacks by hackers.

Sahad NK currently works as a contract researcher for a cybersecurity platform called Safetydetective.com. After combining all of the vulnerabilities he had found, he realized that more than 40 crore Microsoft accounts might be put at risk by a single click on a specific link.

Safetydetective then quickly informed Microsoft of the bug. That happened in June. However, Bill Gates's tech giant fixed the bug only at the end of November, which is why it can now be discussed publicly.


The way Sahad detected the vulnerabilities was rather interesting. First, he found "success.office.com," an outdated Microsoft subdomain whose configuration was incorrect. As a result, he could quickly take control of it: he created a fake Azure web app and mapped it to the subdomain, so that the app gathered all of the data sent there.
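A defender-side check for the kind of stale subdomain described above, as an added example that is not from the original article or from Safetydetective. It assumes the subdomain was a CNAME record left pointing at a released cloud hostname (the article does not give the record details), and it runs on a constructed zone export under example.com with a constructed set of resolvable targets.

```python
"""Audit a DNS zone export for dangling CNAMEs that point at claimable cloud hostnames."""
import socket

# Suffixes under which any customer can register a hostname (assumed list; extend as needed).
CLAIMABLE_SUFFIXES = (".azurewebsites.net", ".cloudapp.net", ".trafficmanager.net")

# Constructed sample zone export, one record per line: name TTL IN TYPE value
SAMPLE_ZONE = """\
www.example.com.      3600 IN CNAME example-prod.azurewebsites.net.
success.example.com.  3600 IN CNAME example-promo-2016.azurewebsites.net.
mail.example.com.     3600 IN MX    10 mx.example.com.
docs.example.com.     3600 IN CNAME docs.internal.example.com.
; old campaign, owner unknown
Promo.example.com.    3600 IN CNAME EXAMPLE-OLD.CloudApp.net.
"""

# Constructed resolver results: the targets that still resolve.
SAMPLE_LIVE = {"example-prod.azurewebsites.net", "docs.internal.example.com"}

def parse_cnames(zone_text):
    """Yield (name, target) per CNAME record, lower-cased and without the trailing dot."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) >= 5 and fields[2].upper() == "IN" and fields[3].upper() == "CNAME":
            yield fields[0].rstrip(".").lower(), fields[4].rstrip(".").lower()

def find_dangling(zone_text, resolves):
    """Return CNAMEs whose target is under a claimable suffix and no longer resolves."""
    findings = []
    for name, target in parse_cnames(zone_text):
        if target.endswith(CLAIMABLE_SUFFIXES) and not resolves(target):
            findings.append({"name": name, "target": target,
                             "action": "delete the record or re-provision the resource"})
    return findings

def live_resolver(target):
    """Real DNS lookup for use on your own zone; the sample run uses SAMPLE_LIVE instead."""
    try:
        socket.getaddrinfo(target, None)
        return True
    except socket.gaierror:
        return False

if __name__ == "__main__":
    for f in find_dangling(SAMPLE_ZONE, lambda t: t in SAMPLE_LIVE):
        print(f"{f['name']} -> {f['target']}: {f['action']}")
```

Pass `live_resolver` instead of the lambda to run the same audit against a real export of a zone you own.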

The first bug wasn't actually dangerous; the next vulnerability, however, was the real issue. All the tokens used to log in to Microsoft apps like Microsoft Store, Microsoft Outlook, and Office 365 would be sent to the success.office.com subdomain. As such, Sahad could send a phishing email to the leaked account names. When the victims clicked on the link, their Microsoft accounts would be entirely controlled by Sahad.

What made the bug most dangerous was that the victims would have had no awareness of their real situation, nor would they have known that the Microsoft emails were fake. According to Safetydetective, antivirus programs could do nothing in this situation.

All Microsoft users should thank Sahad NK for wanting to be a white hacker rather than a black one. Otherwise, we might have been victims of this Microsoft bug.
