Xbox Live e-mail vulnerability Xbox Series X S

Your Xbox Live email could have been exposed to hackers

By Robert N. Adams

A recently-fixed vulnerability could have exposed a player’s Xbox Live email to hackers through their Gamertag, potentially compromising the online service used for Xbox One and Xbox Series X|S multiplayer gameplay and social features.

Xbox Live has been around for nearly twenty years, beginning with the original Xbox console.  The service has seen changes over the years such as the ways a player can create a Gamertag and its eventual inclusion as part of Xbox Game Pass Ultimate. It has since been discovered that a security vulnerability could have exposed a player’s email to hackers without too much effort.

Why the Xbox Live e-mail vulnerability is a problem for players

Xbox Live e-mail vulnerability logo

The Xbox Live email vulnerability was reported to Vice via two ethical hackers who had wanted to alert Microsoft about the issue. That anonymous hacker asked Vice not to publish anything until Microsoft had confirmed the issue was fixed for one simple reason: it wasn’t too difficult to discover the vulnerability.

“If you publish the article before it’s patched it will get found within 2-3 minutes,” one of the hackers told Vice. “It’s the easiest vulnerability I’ve ever found.”

According to the hacker, the email addresses were accessed via the Xbox Live Enforcement website. The technical issue allowed anyone with the proper knowledge to discover the email address behind any Gamertag within a few minutes. Vice’s own testing showed that the technique worked, although Microsoft has since deployed a fix to correct the problem.

This isn’t the first time this year a player’s personal information wasn’t adequately protected, either — it was recently discovered that a Genshin Impact issue could have exposed the phone numbers of some players. Thankfully, this particular issue was also quickly resolved by Genshin Impact’s developer Mihoyo.

The exposure of a player’s Xbox Live email address on its own wouldn’t result in an account being compromised, but it could have led to online harassment — or more worryingly, phishing attacks. For example, fake Cyberpunk 2077 beta invites went out earlier this year, presumably in an attempt to steal players’ personal information. Nobody knows for certain how long this vulnerability existed in Microsoft’s systems, so players using Xbox Live should pay extra special attention to any emails purporting to be from Microsoft in the future.

Robert N. Adams
Robert N. Adams

I've had a controller in my hand since I was 4 and I haven't stopped gaming since. CCGs, Tabletop Games, Pen & Paper RPGs - I've tried a whole bunch of stuff over the years and I'm always looking to try more!

Share article

Upcoming Releases
ATLAS
Atlas is an action-rpg with rogue-like elements where you use your ability to control the ground to fight the enemies and move through procedurally generated worlds.
Titanfall 3
Development of Titanfall 3 was confirmed in the acquisition of Respawn Entertainment by Electronic Arts in November 2017.
Damnview: Built From Nothing
Damnview: Built From Nothing is a simulation sandbox game about occidental culture and its different social classes. Immerse yourself into a decadent urban sprawl, all while working precarious jobs where you will either be absorbed into the system, or cast out of society’s machine. Damnview: Built From Nothing is a game about despair, the hostility of capitalism, and the need…
Star Citizen
Star Citizen is an upcoming space trading and combat simulator video game for Microsoft Windows. Star Citizen will consist of two main components: first person space combat and trading in a massively multiplayer persistent universe and customizable private servers (known as Star Citizen), and a branching single-player game (known as Squadron 42). The game will also feature VR support.
Reviews
Related
X