Microsoft, the company behind the Xbox series of consoles, has discovered and patched a bug that surrounds their Xbox Live online multiplayer platform, which resulted to the unnecessary leaking of Xbox users' email addresses.
The bug that surfaced Xbox Live has seen appearances across all the latest and up-to-date Xbox consoles available, such as the Xbox One, and the newly released Xbox Series X and Xbox Series S that was launched only last November 12. It allowed hackers to be able to access the email addresses of Xbox users which they registered on the Xbox Live accounts.
Claims about the bug began when an anonymous hacker contacted Motherboard, wherein it has said that it could discover and see the email addresses of the users linked to their own gamertags. The claim was then verified by Motherboard after two email addresses, with one being created just a few minutes before and was made just for the testing purposes, was determined by the hacker just by knowing its gamertag given by Motherboard.
It was followed through by another anonymous hacker who also approached Motherboard and told that the bug was located in the Xbox Live enforcement portal, which Xbox users and players use to have a certain way of communicating and interacting with the governing body of the company behind the console's ongoing system.
Motherboard then reached out to Microsoft, but the Microsoft Security Response Center or the MSRC, at first, did not consider the reported bug a major security issue, saying that it somehow did not qualify the MSRC's service reach. MSRC also pointed out that even email addresses are somehow classified as private and sensitive information, they do not see any possibility wherein it could track down the main identity of the users who registered the email addresses on the system.
Yet they have still patched the bug, a spokesperson confirmed. According to a report by entertainment and culture site Vice, an update was released by the company in order to "help protect customers."
Earlier Issues of Information Leaks
Not long before this issue emerged, the game Genshin Impact also was put on the hot seat after issues of leaking the private information of its players also rose to infamy. The linked email addresses are semi-covered with asterisks, but the mobile phone numbers that were registered could be seen and accessed by anyone who would attempt to log in random usernames on the game's password recovery system.
The users from the Genshin Impact community were also the one to have noticed that problem when they started to pose their experiences in the game's official Reddit page. As of today, the issue was now solved yet some players no longer registered and linked their mobile phone numbers to ensure their own information's safety and security.