GameSpot may receive revenue from affiliate and advertising partnerships for sharing this content and from purchases through links.

Xbox Live Bug Let Hackers Access Gamertag Email Addresses

Microsoft had to patch a bug that allowed hackers to access any email registered to a gamertag.

By on

9 Comments

A bug in Xbox Live allowed hackers to find any email associated with a registered gamertag. The site used to report bad behavior in the Xbox online community was hiding a vulnerability that allowed hackers to snag user email addresses.

Motherboard reported that last week an anonymous hacker reached out to them claiming to be able to find the email attached to any Xbox gamertag. Motherboard verified the hacker's claims by sending them two gamertags, one of which was created specifically for this testing. Within seconds the hacker sent back the email addresses these tags were registered with. Normally, these email addresses are supposed to be private. Another anonymous hacker told Motherboard that the bug could be found in the Xbox Live enforcement portal. This page is where players can contact the Microsoft team that monitors Xbox's online communities.

Click To Unmute
  1. Another Crab's Treasure Is A Soulslike 3D Platformer | GameSpot Review
  2. Stellar Blade Review
  3. Super Monkey Ball Banana Rumble - Official Multiplayer Features Trailer
  4. Nintendo 64 – April 2024 Game Updates – Nintendo Switch Online
  5. Gori: Cuddly Carnage | Meow Launch Date Announcement Trailer
  6. PUBG | Erangel Classic Returns
  7. Genshin Impact - "Arlecchino: Afterglow of Calamity" | Collected Miscellany
  8. Marvel Rivals - Official Loki Character Reveal Trailer | The King of Yggsgard
  9. Fortnite Festival - Official Billie Eilish Cinematic Season 3 Trailer
  10. Remnant 2 - The Forgotten Kingdom | DLC Launch Trailer
  11. Stellar Blade - Official "The Journey: Part 2" Behind The Scenes Trailer | PS5 Games
  12. Dead by Daylight | Tome 19: Splendor | Reveal Trailer

Want us to remember this setting for all your devices?

Sign up or Sign in now!

Please use a html5 video capable browser to watch videos.
This video has an invalid file format.
00:00:00
Sorry, but you can't access this content!
Please enter your date of birth to view this video

By clicking 'enter', you agree to GameSpot's
Terms of Use and Privacy Policy

Now Playing: Xbox Console Evolution: Xbox To Series X

Despite the apparent threat to customer security, Microsoft's original response to this security breach was not exactly urgent. In an email response to Motherboard's bug report, the Microsoft Security Response Center (MSRC for short) said, "An email may be considered sensitive information, however, since it provides nothing else to identify the issuer, is not something that meets MSRC bar for service. As such, MSRC is not tracking the issue and will leave it to the product group to determine a mitigation as needed."

But on Tuesday a Microsoft spokesperson confirmed that it "released an update to help protect customers." One of the anonymous hackers who contacted Motherboard specifically requested that reporting on the leak not be published until after a fix had been made because it was "the easiest vulnerability I've ever found." Ensuring such precautions are taken is important, even with information that's not extremely delicate like email addresses. Hackers have a precedent of using these kinds of vulnerabilities to dox people, like in 2017 when they used a similar bug on Instagram and created a searchable database to dox celebrities.

Got a news tip or want to contact us directly? Email news@gamespot.com

Xbox One
Xbox Series X
Join the conversation
There are 9 comments about this story
Load Comments (9)