Microsoft has quietly altered its Windows Live ID login in response to a reported security concern. Last week, a brute force hack
was exposed, with Microsoft's phrasing of error codes and infinite attempts to access accounts helping hackers along. The security flaw gained more exposure due to the ongoing "FIFA hack
" and related security concerns
"Before it would just let you try over and over," Jason Coutee, the IT consultant credited with exposing the flaw, wrote Joystiq. "But now ... they handle the sign in request on the server in a way that it will stop replying after about 20 attempts."
Coutee feels that Microsoft tightened the security, but didn't make any noticeable changes on the front end.
"Good news is that at least they lengthened the time it would take to brute force Live IDs."
Microsoft notes that the exploit was not a loophole in Xbox.com, but a brute force attack that is an "industry-wide issue."