Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I had endless trouble with Microsoft phone support telling me they'd successfully cancelled my Xbox Live Gold member ship only to get another bill the next month. Turns out there were two Xbox accounts linked to the same Gmail account, one with a "." and one without.


This is the "gmail fullstop" problem.

This is a massive security oversight and has already made its rounds already.

Xbox accounts have been compromised, but really, anything can, if you own first.last@gmail.com, you better be careful about everything you do.

People who know your email know your name, and can cause services to email you things, using two accounts, one your's the other, not.


Indeed. What made it harder to detect was I'd made them myself at some point in the long history of xbox live, so all the account details were identical between the two.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: