Microsoft team members targeted in Xbox Live account attacks

Xbox Live accounts have been compromised before via social engineering methods, but now a new report claims that a group is going after accounts that have been used by current and former "high-profile" Microsoft employees.

The Verge reports that Microsoft has admitted to the attacks and added, "We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use. Security is of critical importance to us and we are working every day to bring new forms of protection to our members." The company did not give specific information on which Microsoft team members had their accounts hacked.

It's believed that the group responsible for compromising these accounts was able to gain access to a third-party database which included social security numbers. The hackers are believed to have used social engineering techniques to obtain the Xbox Live account information, using the social security numbers as their starting point. For its part, the company says, "Microsoft does not collect or use Social Security numbers in its services, including Xbox LIVE Gamertags or Microsoft accounts."

As usual, the best way to keep your Xbox Live account, or indeed any online account, as safe as possible is to change your password on a regular basis and to use strong passwords.

Source: The Verge | Image via Microsoft


10 Comments


> Microsoft has admitted to the attacks

Once more, John fails to grasp the meaning of the verb.

MS has nothing to "admit". They're not attacking anyone; they're on the receiving end. John's constant misuse of "admit" always twists stories in such a way that it makes it look like somebody's trying to hide something or is at fault.

_dandy_ said,
> > Microsoft has admitted to the attacks
>
> Once more, John fails to grasp the meaning of the verb.
>
> MS has nothing to "admit". They're not attacking anyone; they're on the receiving end. John's constant misuse of "admit" always twists stories in such a way that it makes it look like somebody's trying to hide something or is at fault.


It's how he gets us to click on the links, he's also just a bad writer.

Like taking pride in his work? Which should therefore motivate him to try to improve his craft?

I mean, writing is his day job, isn't it?

It only doesn't help if you fall for the "paste your password here" tricks. Of course if I pasted one of my 16 character passwords in, no one would believe it's an actual password.

Thank You LastPass!!!

webdev511 said,
> It only doesn't help if you fall for the "paste your password here" tricks. Of course if I pasted one of my 16 character passwords in, no one would believe it's an actual password.
>
> Thank You LastPass!!!

And that's still not going to help if your reset password question is 'what was your first pet's name?'

When these questions are so easy to obtain, even without any social engineering via Facebook lookups, it's clear why these types of hacks are becoming more of a problem. Trust in 'authority' figures, mindless sheep doing what is asked of them doesn't help matters.
There has been a strong increase in security such as salting passwords but there is still the low tech way of getting the access you want. Most of the time it's just a matter of asking for it, quite literally.

If that's not bad enough, I know 'UK' accounts have a poor recovery system. You don't even have to validate the full address on the account for password recovery, you just select UK... That's why I set mine to something else and at least I have to give the correct zip code. I don't even use my real date of birth.

I'm more interested in special characters being allowed.

XBL, or more specifically GFWL, is tied to your Hotmail account, which can have special characters. However, the GFWL service (both the client and the in-game interface) doesn't support special characters, resulting in an error when trying to log in.

It's been months, if not years, and this still hasn't been fixed.

Not sure what's wrong with some companies taking so long to give us better security; some have 100 character limit with full special character support while others are limited to a paltry 8 character letter/number combination only.

The time to step things up is long overdue.