Microsoft Accidentally Leaks Xbox Live Security Certificate, Quickly Fixes Issue
posted Monday Dec 14, 2015 by Nicholas DiMeo
With every major company, there is always a change for a security exploit or data breach to creep up. How the company reacts to it usually defines its culture and character. This week, Microsoft accidentally leaked some sensitive data that could expose Xbox users to identify theft issues.
In an advisory posted this week as part of the usual security updates, Microsoft said that private keys and security certificates to Xbox Live were "inadvertently disclosed." The company did not specify how it happened, however the good news is that Microsoft swiftly took care of the problem.
The team has since revoked the trusted certificate, rendering it useless to any would-be attacker. If this hadn't occurred, any person with malicious intent could have set up a website to act like xboxlive.com, thus intercepting a secure connection to the real site. From there, unaware users could have given the fake website username and password information, which runs the risk of being opened up to identify theft. Microsoft says that it is not aware of any issues or attacks surrounding the leaked data, and as mentioned, moved quickly to solve the problem.
This matter proves not only as a reminder to users to be careful with what websites they visit and programs they download, but also reminds users to place their trust in companies that take data security seriously. In the past, other tech giants have not reacted as rapidly, while others chose to simply ignore the issue like it never happened. While some may pick and poke at Microsoft, the security team at the Redmond-based software company issues a dozen or so updates per week in order to protect its millions of users from new flaws as soon as they sprout up. That is a culture that cares for its users and is a character that can be respected.