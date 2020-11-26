New Delhi - As the company struggles to meet to surge in demand for new Xbox Series gaming consoles, Microsoft has patched a bug in the Xbox website that could have allowed hackers to link usernames to the real email addresses.

After users log in, the Xbox Enforcement site creates a cookie file in their browser with details about their web session, so they won't have to re-authenticate the next time they visit the site again.

"This portal's cookie file contained an Xbox user ID (XUID) field that was unencrypted," reports ZDNet quoting Joseph ‘Doc' Harris, one of the several security researchers who reported the issue to Microsoft this year.

Harris edited the XUID field and replaced it with the XUID of a test account he had created and had used for testing as part of the Xbox bug bounty programme.

The vulnerability was reported to Microsoft through Xbox bug bounty programme.