Security fail: Microsoft is transmitting and OneDrive user IDs in clear text

Microsoft is revealing users’ unique identifiers in plain text in URLs whenever users login to Live Services such as and OneDrive.
By Mary-Ann Russon
Microsoft is always going on about cybersecurity but a blogger has spotted that the computer giant is exposing the ID numbers of all users who access its online services such as and OneDrive.
Annoyed Microsoft User, a blogger based in Beijing, has spotted that although all Microsoft sites use secure HTTP connections, when a user tries to log in to their account, Microsoft transmits a unique 16-character identifier known as a CID in plain text in the host name of the URL, as part of its DNS lookup request when seeking to connect your computer to Microsoft’s server.
To read the entire article, please click here.


Leave A Comment