April 21, 2026, 7:07 am | Read time: 2 minutes
Microsoft’s Recall feature for Windows 11 is facing criticism again. A security researcher has discovered a significant vulnerability that allows sensitive data to be accessed. Despite being alerted, Microsoft did not respond as expected. Instead of classifying the report as a security flaw, the company closed it. This confirms some of the previously expressed concerns about the AI-driven feature.
Recall is an AI tool that continuously tracks user activities on a Windows 11 PC. It regularly takes screenshots, analyzes them, and stores the content. The goal is to make work processes transparent and assist users with their tasks. However, the feature also collects a large amount of personal and sensitive data. This aspect had already raised doubts early on and even prompted authorities to take notice.
Data Theft at the Moment of Decryption
According to a report by the online magazine “The Verge,” security expert Alexander Hagenah has identified a specific vulnerability. Although Recall stores its data encrypted, the data leaves this protected area when it is accessed for processing. It is at this moment that a program developed by Hagenah intervenes. The tool, named TotalRecall Reloaded, intercepts the data as soon as it is decrypted, reading both screenshots and recognized text.
Microsoft Sees No Classic Error
Hagenah reported his findings to Microsoft in April 2026. However, the report was closed because the company does not see an error in the traditional sense. According to security chief David Weston, Recall functions as intended. The issue lies more in the fundamental design of the feature than in a classic security flaw. Microsoft also points to additional protective mechanisms and time limits that are supposed to prevent continuous data access.
Hagenah questions this assessment. His tool was able to bypass the protective mechanisms and even intercept data at system startup via Windows Hello. This demonstrates that existing security measures do not work in all cases. Even if such tools were restricted in the future, a security risk would remain. The key is that data must be protected throughout the entire processing cycle. This is precisely where a weakness currently seems to exist.
At least Microsoft Recall is set to undergo a comprehensive overhaul. The current version is apparently considered a failure internally. The function is to be redeveloped in the future, with known issues avoided from the outset. Whether this will succeed remains to be seen.