A bug in Microsoft’s login system put users at risk of account hijacks

Researchers at Israeli cybersecurity company CyberArk found that Microsoft left open an accidental loophole which, if exploited, could’ve been used to siphon off these account tokens used to access a victim’s account — potentially without ever alerting the user.