Hackers have reportedly come up with a new scam that sees Windows Live ID being used as a trap to get personal information from services like Hotmail, Outlook, MSN, Messenger, Xbox LIVE, and Zune.
Hackers are sending warnings to user saying that unsolicited emails are being distributed through their Windows Live ID accounts, which could lead to blockage of their accounts.
Users are then advised to click on a link to prevent their Windows Live ID from being blocked.
The link redirects users to a fake Windows Live page where they are asked to update their details to fulfill the service’s new security requirements.
However, security experts from Kaspersky Lab found out that the link from the scam email redirected to the original Windows Live website.
Users received a curious prompt from Windows Live service after they authorised their account on the original site.
The prompt asks permission to automatically log into the account, and view profile information, personal and work email addresses and contact list of users.
Hackers reportedly manipulated a security flaw in open protocol for authorisation, OAuth to get access to this technique.
Hackers might not get access to user’s login and password credentials but they can access to contacts nicknames and real names of users along with lists of appointments and important events.
Kaspersky has asked users to avoid clicking on any suspicious links received through email or in private messages.
The security company has also asked users to avoid giving access to personal data to unknown application, and to keep the antivirus software up to date.
Kaspersky Lab senior web content analyst Andrey Kostin said: "We’ve known about security flaws in the OAuth protocol for quite a while: in early 2014, a student from Singapore described possible ways of stealing user data after authentication.
"A scammer can use the information intercepted to create a detailed image of users, including information on what they do, who they meet and who their friends are, etc. This profile can then be used for criminal purposes."