Microsoft has awarded an independent security researcher $50,000 as part of its bug bounty program for reporting a flaw that could have allowed a malicious actor to hijack users’ accounts without their knowledge. Reported by Laxman Muthiyah, the vulnerability aims to brute-force the seven-digit security code that’s sent to a user’s email address or mobile number to corroborate his (or her) identity before resetting the password in order to recover access to the account.
Read full article on The Hacker News