Microsoft Quietly Fixes Xbox.com Security Loophole

Quietly and without ever admitting the problem, Microsoft has fixed the Xbox.com security loophole that allowed hackers to use brute-force attacks to find out Xbox LIVE usernames and passwords.

The site's front end hasn't changed, but the way it processes login requests has, and it now implements a server-side mechanism that refuses logins after about 20 failed attempts.
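A minimal sketch of the kind of server-side limit described above, as an added example and not Microsoft's code: failures are counted per account on the server, and once 20 have accumulated the login is refused even when the password is correct. The one-hour expiry window, the class and function names, and the sample account are assumptions.

```python
import time
from collections import deque

class LoginThrottle:
    """Per-account failed-login limiter kept on the server (hypothetical name)."""
    def __init__(self, max_failures=20, window=3600.0, clock=time.monotonic):
        self.max_failures = max_failures  # "about 20", the figure the article reports
        self.window = window              # assumption: failures expire after one hour
        self.clock = clock                # injectable so the demo can control time
        self._failures = {}               # account -> deque of failure timestamps

    def _recent(self, account):
        q = self._failures.get(account)
        if q is None:
            return 0
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:       # drop failures older than the window
            q.popleft()
        if not q:
            del self._failures[account]   # do not keep empty entries around
        return len(q)

    def attempt(self, account, password, verify):
        """Return 'locked', 'ok' or 'denied'; verify(account, password) -> bool."""
        key = account.strip().lower()     # one counter regardless of spelling
        if self._recent(key) >= self.max_failures:
            return "locked"               # refused before the password is even checked
        if verify(key, password):
            self._failures.pop(key, None) # a successful login clears the counter
            return "ok"
        self._failures.setdefault(key, deque()).append(self.clock())
        return "denied"

def demo():
    now = [0.0]                                # fake clock, constructed for the demo
    users = {"alice": "correct horse"}         # constructed sample account
    verify = lambda u, p: users.get(u) == p    # stand-in for a real password-hash check
    t = LoginThrottle(clock=lambda: now[0])
    results = [t.attempt("alice", f"guess{i}", verify) for i in range(25)]
    right_pw_while_locked = t.attempt("Alice", "correct horse", verify)
    now[0] += 3601                             # move past the expiry window
    after_window = t.attempt("alice", "correct horse", verify)
    return results.count("denied"), results.count("locked"), right_pw_while_locked, after_window

if __name__ == "__main__":
    print(demo())
```

Keying the counter on the account rather than the client address means guesses spread across many clients still count toward the same limit, at the cost of letting repeated failures lock the legitimate owner out for the window.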


Comments

I like Megagames

You scumbag, no one will miss you. I like the Articles on this damn site. Off with your head. After all, who can deny MegaGames is the only site who cares about its viewers? We begged and begged for years to get rid of the Gay Captcha and guess what, MegaGames listened. They replaced it with a Less gay Captcha. Now what other Game site would have done that?

I love you MegaGames.

The issue isn't the brute

The issue isn't the brute forcing, it's the sheer fact that this happened at all. A company such as Microsoft with its vast capabilities should be more than capable of preventing brute forcing at all entry points of their servers. They overlooked a very simple thing that could have easily been avoided. This isn't the first time Microsoft has goofed up. I do feel they should at the very least just own up to their mistake.

"ANY SITE CAN BE BRUTEFORCED"

"ANY SITE CAN BE BRUTEFORCED" - Nothing could be further from the truth. Bruteforce is the most crude form of hacking, a simple way to prevent it is to limit login to 3 attempts (reset the attempt counter after x hours), fail all 3 and you're forced to change your password via e-mail link/confirmation. Due to user convenience, captcha systems are now being favored but still, bruteforce is easy to beat because it requires several tries per second to be effective.
