(NewsNation) — A security expert says, after first dismissing his warning about a bug in its Outlook email app, Microsoft has “acknowledged the issue.”
Vsevolod Kokorin says he discovered a glitch that could allow someone to impersonate official Microsoft accounts in certain circumstances. He shared his warning on X after he said Outlook techs told him they couldn’t reproduce the issue.
The issue, according to Kokorin, lets someone using Outlook send an email to another Outlook user masquerading that email as coming from a Microsoft corporate account. 400 million people have Outlook accounts.
“Microsoft just said they couldn’t reproduce it without providing any details,” Kokorin told the website TechCrunch in an online chat.
Kokorin demonstrated the bug to TechCrunch by sending it an email saying “Hi! It’s Microsoft security team. We are scamming you!!!” The message’s sender read “security@microsoft.com”
Kokorin says he followed up with Microsoft on June 15 but got no response.
On June 18, he shared on X: “I am grateful to everyone who reposted this post and offered me words of support. At this point, they have acknowledged the issue.”
Microsoft has not responded to requests for comment from numerous media organizations.