SECURITY: Microsoft won’t fix Windows flaw that lets hackers steal your username and password.
A new proof-of-exploit shows just how easy it is to steal someone’s credentials.
The flaw is widely-known, and it’s said to be almost 20 years old. It was allegedly found in 1997 by Aaron Spangler and was most recently resurfaced by researchers in 2015 at Black Hat, an annual security and hacking conference in Las Vegas.
The flaw wasn’t considered a major issue until Windows 8 began allowing users to sign into their Microsoft accounts — which links their Xbox, Hotmail and Outlook, Office, and Skype accounts, among others.
Overnight, the attack got larger in scope, and now it allows an attacker to conduct a full takeover of a Microsoft account.
Perfect Privacy advises that to stay secure, “don’t use Internet Explorer, Edge, or Microsoft Outlook, and don’t log in to Windows with a Microsoft account.”