Chennai, March 3 : Microsoft has awarded a Chennai-based security researcher $50,000 (approximately Rs 36 lakh) for spotting vulnerability on the company’s online services that “might have allowed anyone to takeover any Microsoft account without consent”.
After assessing his report, the Microsoft security team patched the issue and rewarded him $50,000 as a part of their Identity Bounty Program, security researcher Laxman Muthiyah wrote in a blog post on Tuesday.
Muthiyah earlier won bug bounty from Facebook for finding a similar account takeover vulnerability in Instagram.
“I found Microsoft is also using the similar technique to reset user’s password so I decided to test them for any rate limiting vulnerability,” he said.
Muthiyah explained that to reset a Microsoft account’s password, users need to enter email address or phone number in their forgot password page. After that they will be asked to select the email or mobile number that can be used to receive the security code.
Once they receive the 7-digit security code, they will have to enter it to reset the password.
Related stories
Subscribe
- Never miss a story with notifications
- Gain full access to our premium content
- Browse free from up to 5 devices at once
Latest stories