Researcher finds that Outlook and OneDrive leak unique user account identifiers in clear text
Microsoft’s OneDrive and Outlook.com are leaking unique user identifiers in plain text. A developer who goes by the name of ramen-hero has said that Outlook.com, OneDrive, and Microsoft’s account pages all incorporate a unique user identifier known as the CID in URLs. The CID is a 64-bit integer (usually formatted in unsigned hexadecimal form) associated with each Microsoft account and used in Microsoft APIs for user identification.
Ramen-hero has made a post on the aptly named Annoyed Microsoft User, detailing how Microsoft is leaking these CIDs in plain text to anyone who wants them.
What’s the problem with this? Well, it turns out that the CID can reveal quite a bit about the account owner. For example, if your account’s CID is 039827D56AE85E00 and Alice knows it, she could
Microsoft Leaks Unique User Account Identifiers in Clear Text
Good one, MS. Way to keep our details secure.