Microsoft warns Xbox users of security leak

Microsoft has issued a warning that the Xbox Live website is susceptible to attacks after the company “inadvertently disclosed” a security certificate. Microsoft said it is “not currently aware” of any attacks that were related to the issue and is working to resolve it. It is not effecting the Xbox 360 or Xbox One but it is effecting Windows 10 and Windows Phone devices.

“The certificate can be used by an attacker to impersonate the xboxlive.com domain and carry out a so-called ‘man-in-the-middle’ attacks, which allows the attacker to intercept the website’s secure connection,” ZDNet explains. “This could trick Xbox users into handing over their username and password, potentially leading to further attacks on the user.”

“Microsoft is aware of an SSL/TLS digital certificate for *.xboxlive.com for which the private keys were inadvertently disclosed,” it said. “The certificate could be used in attempts to perform man-in-the-middle attacks. It cannot be used to issue other certificates, impersonate other domains, or sign code. This issue affects all supported releases of Microsoft Windows.”

“To help protect customers from potentially fraudulent use of the SSL/TLS digital certificate, the certificate has been deemed no longer valid and Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of the certificate.”

Do not give your personal information to anyone guys and keep making sure your account is locked and secure.