Richard Bucker

A bug in Microsoft's login system put users at risk of account hijacks

Posted at — Dec 2, 2019

Again this reads like you have to have access to the local machine in order to do any of these things. Feels like there could be a couple of simple patches… but oh no.

Here are the README links in the same post:

A bug in Microsofts login system made it easy to hijack anyones Office account StockX was hacked, exposing millions of customers data DoorDash confirms data breach affected 4.9 million customers, workers and merchants Equifax breach was entirely preventable had it used basic security measures, says House report Stop saying, We take your privacy and security seriously Capital One breach also hit other major companies, say researchers Macys said hackers stole customer credit cards again

NOTE that there is a second login issue. Possibly unrelated.