In January, we reported on Susan Taylor, who said her Xbox Live account was hijacked by one or more people, resulting in hundreds of dollars being charged to her credit card. At the time, Microsoft said that there was no evidence of Xbox Live being hacked into and that Taylor was likely just the latest victim of "malicious scams."
This week, Taylor updated her website, Hacked on Xbox, claiming that she had discovered at least one way these scam artists get access to Xbox Live accounts. The method is fairly elaborate, but in summary, the scammers get Microsoft itself to give up account access, both through online methods and by contacting Microsoft customer support on the phone.
Taylor states in her blog:
Unfortunately the techniques mentioned in this article are hard to combat when all it takes is a bit of smooth talking and playing dumb to get the details required to take over control of your account. Without Microsoft taking steps to increase security on their end, there is very little that we can do to actually stop these jackers.
Microsoft has already responded to Taylor's article. Kotaku writes that, according to Microsoft, the company is well aware of several ways scam artists try to access Xbox Live accounts, including phone-based social engineering techniques. The response added:
We really appreciate that these issues have been raised; however, the specific examples in this article contain information that is invalid and out-of-date. We would welcome the opportunity to work directly with Ms. Taylor and the members who have contacted her with unresolved cases. We have done a considerable amount of work to resolve cases for our customers in the last several months and will be reaching out to her to provide further assistance.
Source: Hacked on Xbox