the hacker has already managed to steal passwords and usernames
Windows 365 is already hacked. Just weeks after the release of the PC cloud solution, the hacker managed to get the passwords and usernames of some customers. A cyber security researcher hacker explained in detail how he managed to bypass the security measures put in place by Microsoft.
In mid-July, Microsoft finally raised the curtain on Windows 365. This online PC service provides access to Windows 11 on any device, be it a computer, tablet, or smartphone. The service for companies is available from 18.20 euros / month.
Just a few weeks after Windows 365 booted, security researcher Benjamin Delphy succeeded bypass Microsoft security measures steal usernames and passwords. A vulnerability expert, the expert clarified the process to alert Microsoft with his Twitter account.
The hacker explains how he hacked Windows 365
As he explained to our colleagues at Bleeping Computer, he managed to extract users’ usernames (email addresses) and passwords. plain text file Via Windows 365.. With a little expertise, he was able to gather data from all users connected at the same time. To achieve this exploit, the hacker used Mimikatz, an open source tool that allows cybersecurity researchers to quickly test vulnerabilities.
Benjamin Delphy explains that he has gone through free windows 365 subscription to test the vulnerability. Until recently, Microsoft did offer a free trial offer. Unfortunately, the software publisher had to give up this free offer due to high demand.
Thanks to this information, the hacker explains that he can access another Microsoft service account as well as within the company’s internal network. “It’s just like deleting passwords from a normal session. If I can clear your password in Windows 365 sessions, I can use it on other systems where you have more access, information, etc. ”, details Benjamin Delphy. So far, Microsoft has not responded to the expert’s finding.
Source: Sleeping computer