NEW DELHI – While the company is working hard to boost demand for the new Xbox Series gaming consoles, Microsoft has identified a bug in the Xbox website that could allow hackers to link users to their real email addresses.
Once users are logged in, the Xbox Enforcement website creates a cookie file in their browser with details of their web session so they do not have to log in again the next time they visit the site.
“The cookie file on this portal contained an unencrypted Xbox User ID (XUID) field,” ZDNet reports.
Harris edited the XUID field and replaced it with the XUID of a test account he had created, which he was using for testing as part of the Xbox bug bounty program.
The vulnerability was reported to Microsoft via the Xbox bug bounty program.
“I tried to restore and refresh the cookie value. Suddenly I could see other [users’] email,” Harris said.
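The flaw described above is a server trusting an identifier that the client can edit. The following added example (not code from Microsoft, ZDNet or the Xbox site) contrasts a handler that trusts the cookie's XUID with one that binds the XUID to the session with an HMAC tag; the key, session ID, XUIDs, email addresses and function names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key and records; a real service would load the key from a secrets store.
SERVER_KEY = b"constructed-demo-key-not-for-production"
ACCOUNTS = {  # constructed XUID -> email records
    "2533274800000001": "tester@example.com",
    "2533274800000002": "other.player@example.com",
}


def lookup_email_trusting_cookie(cookie: dict) -> str:
    """Flawed pattern from the article: the cookie's XUID is taken at
    face value, so an edited value selects another account's record."""
    return ACCOUNTS[cookie["xuid"]]


def _tag(session_id: str, xuid: str) -> str:
    """HMAC-SHA256 over session ID and XUID, keyed with a server-only secret."""
    msg = f"{session_id}|{xuid}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookie(session_id: str, xuid: str) -> dict:
    """Issue a cookie whose XUID is bound to the session by the tag."""
    return {"sid": session_id, "xuid": xuid, "mac": _tag(session_id, xuid)}


def lookup_email_verified(cookie: dict) -> str:
    """Hardened lookup: reject any cookie whose fields were edited."""
    expected = _tag(str(cookie.get("sid", "")), str(cookie.get("xuid", "")))
    supplied = str(cookie.get("mac", ""))
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        raise PermissionError("cookie integrity check failed")
    return ACCOUNTS[cookie["xuid"]]


def demo() -> tuple:
    cookie = issue_cookie("sess-abc", "2533274800000001")
    edited = dict(cookie, xuid="2533274800000002")  # XUID field changed client-side
    leaked = lookup_email_trusting_cookie(edited)   # flawed handler: other user's email
    try:
        lookup_email_verified(edited)
        blocked = False
    except PermissionError:
        blocked = True
    return leaked, blocked, lookup_email_verified(cookie)
```

Keeping the XUID out of the cookie entirely and resolving it from server-side session state removes the client-controlled field altogether; the HMAC approach is shown because it keeps the cookie layout the article describes.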
Microsoft has announced the release of the Xbox Series X and S as the biggest Xbox launch ever.
Although the company does not classify the Xbox bug as eligible for a cash reward, it may allow threat actors to link any Xbox gamertag to the player’s real email address.
The Xbox Series X and Series S consoles are expected to be in short supply until April next year due to massive demand.