Recently, an independent security researcher has discovered a serious flaw that could have allowed
malicious threat actors to access any Microsoft account without the user’s knowledge. Microsoft has
awarded, Laxman Muthiyah $50,000 as part of its bug bounty program for reporting the serious
flaw. The vulnerability aims to brute-force the seven-digit security code that's sent to a user's email
address or mobile number to corroborate his (or her) identity before resetting the password in order
to recover access to the account.