Laxman has explained this incident in his blog, The Zero Hack. He says that a problem existed in Microsoft's online service, due to which anyone could easily hack your Microsoft account, and all this was possible without your knowledge. After Laxman reported the problem, Microsoft fixed it, and Laxman was given a reward of $50,000, i.e. about 36 lakh rupees, under the bounty program.
Laxman said in the blog that he had earlier detected a problem on Instagram, for which Facebook rewarded him. After this, Laxman found that Microsoft was also using a similar technique to reset the account password. Laxman therefore decided to test for the same problem and found that, because of it, hackers could take over an account.
Laxman has explained this problem in detail in his blog; here we explain it in simple language. When a Microsoft user resets the account password, the website takes the user to the password reset page. Here the user has to enter a mobile number or email address. Microsoft then sends a 7-digit OTP to the user, and for verification the user has to enter this code on the page. If a person (a hacker) brute-forces these 7-digit codes (trying many combinations at once), he can reset the password himself without the user's knowledge. However, Laxman says that the system has certain limits in place, which prevent such attempts from being made in large numbers. It took Laxman a long time to figure out the problem.
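The sketch below is an added example, not code from Laxman's blog or from Microsoft: a server-side check for a 7-digit reset code whose failed-attempt limit is counted per account, so every guess against one account draws on the same small budget. The class name, `MAX_ATTEMPTS`, `CODE_TTL_SECONDS` and the account names are assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_DIGITS = 7          # the article states the reset code has 7 digits
MAX_ATTEMPTS = 5         # assumed limit, not Microsoft's real value
CODE_TTL_SECONDS = 600   # assumed code lifetime


class ResetCodeStore:
    """Holds one outstanding reset code per account (in-memory sketch)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # account -> [code, expires_at, failed_attempts]

    def issue(self, account):
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[account] = [code, self._clock() + CODE_TTL_SECONDS, 0]
        return code  # delivered by SMS or e-mail, never echoed to the web client

    def verify(self, account, guess):
        entry = self._pending.get(account)
        if entry is None:
            return "no_code"
        code, expires_at, _failed = entry
        if self._clock() >= expires_at:
            del self._pending[account]
            return "expired"
        # Constant-time comparison; bytes so that odd input cannot raise.
        if hmac.compare_digest(code.encode(), str(guess).encode()):
            del self._pending[account]  # a code is single use
            return "ok"
        # The counter belongs to the account, not to a session or client
        # address. In a real service this increment must be atomic in the
        # datastore so that simultaneous requests cannot each see a fresh count.
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            del self._pending[account]  # burn the code; a new one must be issued
            return "locked"
        return "wrong"


def guess_success_bound(max_attempts=MAX_ATTEMPTS, digits=CODE_DIGITS):
    """Upper bound on guessing one issued code within the attempt budget."""
    return max_attempts / 10 ** digits
```

With these assumed values, a single issued code can be guessed with probability at most 5 in 10,000,000 before it is invalidated.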
Laxman further stated that he recorded a video of bypassing the system and sent it to Microsoft; soon afterwards, Microsoft fixed the problem and rewarded Laxman.