A bug in Xbox Live allowed hackers to find any email associated with a registered gamertag. The site used to report bad behavior in the Xbox online community was hiding a vulnerability that allowed hackers to snag user email addresses.

　　Motherboard reported that last week an anonymous hacker reached out to them claiming to be able to find the email attached to any Xbox gamertag. Motherboard verified the hacker's claims by sending them two gamertags, one of which was created specifically for this testing. Within seconds the hacker sent back the email addresses these tags were registered with. Normally, these email addresses are supposed to be private. Another anonymous hacker told Motherboard that the bug could be found in the Xbox Live enforcement portal. This page is where players can contact the Microsoft team that monitors Xbox's online communities.

　　You need a javascript enabled browser to watch videos.

　　Click To Unmute

　　Firearms Expert’s FAVORITE Weapons Of 2023

　　State Of Gaming Handhelds In 2023How Lies of P Cracked the Souls GenreLike a Dragon: Infinite Wealth - Official Ichiban Kasuga Character Spotlight TrailerLike a Dragon: Infinite Wealth - Official Chitose Fujinomiya Character Spotlight TrailerLike a Dragon: Infinite Wealth - Official Kazuma Kiryu Character Spotlight TrailerLike a Dragon: Infinite Wealth - Official Saeko Mukoda Character Spotlight TrailerLike a Dragon: Infinite Wealth - Official Eric Tomizawa Character Spotlight TrailerLike a Dragon: Infinite Wealth - Official Tianyou Zhao Character Spotlight TrailerLike a Dragon: Infinite Wealth - Official Seonhee Character Spotlight TrailerLike a Dragon: Infinite Wealth - Official Koichi Adachi Character Spotlight TrailerLike a Dragon: Infinite Wealth - Official Yu Nanba Character Spotlight Trailer

　　Share

　　LinkEmbed

　　Size:640 × 360480 × 270

　　Start at: End at: Autoplay Loop

　　Want us to remember this setting for all your devices?

　　Sign up or Sign in now!

　　Please use a html5 video capable browser to watch videos.

　　This video has an invalid file format.

　　00:00:00

　　HTML5

　　Auto HD High Low

　　Report a problem

　　Sorry, but you can't access this content!

Please enter your date of birth to view this video

　　By clicking 'enter', you agree to GameSpot's

　　Terms of Use and Privacy Policy

　　enter

　　Now Playing: Xbox Console Evolution: Xbox To Series X

　　Despite the apparent threat to customer security, Microsoft's original response to this security breach was not exactly urgent. In an email response to Motherboard's bug report, the Microsoft Security Response Center (MSRC for short) said, "An email may be considered sensitive information, however, since it provides nothing else to identify the issuer, is not something that meets MSRC bar for service. As such, MSRC is not tracking the issue and will leave it to the product group to determine a mitigation as needed."

　　But on Tuesday a Microsoft spokesperson confirmed that it "released an update to help protect customers." One of the anonymous hackers who contacted Motherboard specifically requested that reporting on the leak not be published until after a fix had been made because it was "the easiest vulnerability I've ever found." Ensuring such precautions are taken is important, even with information that's not extremely delicate like email addresses. Hackers have a precedent of using these kinds of vulnerabilities to dox people, like in 2017 when they used a similar bug on Instagram and created a searchable database to dox celebrities.