Bug bounty hunter awarded $50,000 for a Microsoft account hijack flaw
The vulnerability is related to the possibility to launch a brute-force attack to guess the seven-digit security code that is sent via email or SMS as a method of verification to reset the password.
