A hacker has already managed to steal passwords and usernames
Windows 365 has already been hacked. Just weeks after the cloud PC solution was launched, a hacker managed to get hold of some customers’ passwords and usernames. The hacker, a cybersecurity researcher, detailed how he managed to bypass the security measures put in place by Microsoft.
In mid-July, Microsoft finally lifted the veil on Windows 365. This online PC service provides access to a copy of Windows 11 on any device, whether it is a computer, a tablet or a smartphone. Intended for businesses, the service is offered from 18.20 euros per month.
Only a few weeks after the launch of Windows 365, Benjamin Delpy, a computer security researcher, succeeded in bypassing Microsoft’s security measures to steal passwords and usernames. A vulnerability specialist, the expert detailed the process on his Twitter account in order to warn Microsoft.
The hacker explains how he hacked Windows 365
As he explained to our colleagues at Bleeping Computer, he managed to extract the usernames (e-mail addresses) and passwords of users in a plain text file via Windows 365. With a little expertise, he managed to collect data relating to all users connected simultaneously. To accomplish this, the hacker used Mimikatz, an open-source tool that allows cybersecurity researchers to quickly test for vulnerabilities.
Benjamin Delpy explains that he used a free Windows 365 subscription to test the vulnerability. Until recently, Microsoft did indeed offer a free trial. Unfortunately, the software publisher was forced to abandon this free offer in the face of strong demand.
Thanks to this information, the hacker explains that he is able to get into accounts on other Microsoft services as well as into a company’s internal network. “It’s just like clearing passwords from a normal session. If I can clear your password in Windows 365 sessions, I can use it on other systems where you can have more privileges, data, etc.”, details Benjamin Delpy. For now, Microsoft has not yet reacted to the expert's discovery.
Source: Bleeping Computer