Software // Enterprise Applications
02:07 PM
Risk Data as a Strategy
Apr 06, 2016
There is a renewed focus on risk data aggregation and reporting (RDAR) solutions, as financial ins ...Read More>>

Security Flaw Threatened Microsoft Passport Personal Information

The company says the flaw, which let hackers change a customer's password, has been fixed.

A flaw in Microsoft's password recovery let hackers change a customer's password to Microsoft's Passport online-identity service, but has been fixed, the company confirmed Thursday.

The flaw was posted late Wednesday to Full Disclosure, a security mailing list. It let attackers change the password of users' accounts for any account where the attacker knew the user name the customer was using to access Passport. Analysts say the attack appeared simple to perform and jeopardized customers' personal information, including credit-card information.

Passport accounts can used by Web surfers to log onto multiple Web sites using the Passport service as the single authentication to Web sites that choose to accept Passport logins as authentic. Microsoft also has touted Passport as an important part of its Web services future.

Adam Sohn, product manager for Microsoft Passport, says the company shut down user access to its Passport password-reset service shortly after it learned of the flaw. Microsoft fixed the problem within eight hours of its disclosure, he says.

That may be so, but Avivah Litan, VP for financial services at Gartner, says the incident doesn't bode well for Microsoft. Litan says while Microsoft's problems with security vulnerabilities may be widely known in the tech industry, average consumers will become wary of the company's software as they learn about security issues like this. "This is exactly what they didn't need at the wrong time," Litan says. "This is just going to escalate the issue and make their security issues more widely known to a wider audience."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
4 Trends Shaping Digital Transformation in Insurance
Insurers no longer have a choice about digital adoption if they want to remain relevant. A comprehensive enterprise-wide digital strategy is fundamental to doing business today.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of April 17, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week!
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.