Earlier this week Microsoft disclosed that private keys for Xbox Live had leaked. Microsoft did not disclose the cause of the leak. The good news is that, as of now, there have been no attacks caused by the leaked keys. However, to make sure your Xbox Live account remains safe, read on.
Microsoft published a security advisory for Xbox Live users soon after it realized the private keys had leaked. In the advisory, Microsoft said that the leaked certificate was no longer in use. The company had to invalidate the certificate to protect its users.
“In a move to protect our esteemed customers, we have ceased using the leaked certificate, SSL/TLS digital certificate. For all valid releases of Microsoft Windows, the company is updating the Certificate Trust list to eradicate trust of the certificate,” the security advisory read.
These measures mean that the leaked digital certificate cannot be used to create new certificates, impersonate existing domains, or sign code.
However, even after the invalidation of the digital certificate, there is a chance that Xbox Live is not safe. The private keys can be used in ‘man-in-the-middle’ attacks, in which an attacker places himself inside what the user believes is a secure connection.
“In the case of such an attack, users communicating will send and receive data to the hacker thinking that they are communicating with an authentic user,” Microsoft said. Such an attacker has the potential to read all data exchanged between an Xbox Live user and a Microsoft user.
Such an attacker can therefore steal very sensitive data. According to ZDNet, data that can end up in the attacker’s hands through this method includes passwords to the Xbox Live account.
All hope is not lost. In its advisory, Microsoft recommended that all valid releases of Microsoft Windows be updated. According to the release, all users should set their accounts to update automatically to reduce the risk of a hack. All this information was given in a monthly security bulletin that was released on Wednesday.
Microsoft releases a good number of such security bulletins every month. In December alone, the company has released 12 bulletins that have covered different security issues. Some of the security concerns Microsoft has focused on in the bulletins include security updates for Microsoft Edge, Internet Explorer, Microsoft Office and Microsoft Windows.