Microsoft Pays $50 Million Bug Bounty for Critical Azure Vulnerability

Microsoft has paid its largest-ever bug bounty of $50 million to a security researcher who discovered a critical vulnerability in Azure Active Directory that could have compromised every Microsoft 365 tenant globally.

The Vulnerability

The flaw allowed attackers to bypass authentication and gain admin access to any Azure AD tenant using a specially crafted token. The researcher estimated 400 million accounts were at risk.

Response

Microsoft patched the vulnerability within 48 hours of disclosure and confirmed no exploitation occurred in the wild. The company raised its maximum bug bounty from $15 million to $100 million.

$50 million bounty — largest ever by Microsoft
400 million accounts at risk
Patched within 48 hours
No exploitation detected

Microsoft Pays $50 Million Bug Bounty for Critical Azure Vulnerability

The Vulnerability

Response

Share This Article

Related Articles

Ransomware Payments Hit Record $1.5 Billion in 2025: 2026 Outlook

The Cost of a Data Breach in 2026: $4.88 Million Average

Zero Trust Architecture: Why Every Business Needs It in 2026