In case you’ve been living under a rock for a few months, Xbox Live accounts are being hacked and saved credit card details are being used by sneaky thieves to purchase MS Points. Our own Geoff Burrows experienced exactly this with his Xbox Live account, but was fortunate enough to have his bank fix everything back up regarding his credit card.

A theory has recently cropped up online that might explain how people are losing control of their accounts, and it all has to do with Xbox.com and not actual Xbox Live. Most people on Xbox Live are aware that an Xbox Live account and Windows Live ID are one and the same thing. Microsoft’s Xbox.com website apparently makes it rather easy for hackers to use a script to execute a brute-force hack that bypasses the number of password attempts allowed before CAPTCHA security kicks in. CAPTCHA is the system that prompts you to enter a randomly generated phrase of letters and numbers, but they’re extra tricky to read and sometimes you have to hit refresh about a billion times before you get one that is actually legible… or is that just me?

Obviously the Windows Live ID or Xbox Live Account username is found by doing a Google search on the various Xbox Live Gamertags you’ve played against online. Once you’ve found a bunch of possible Windows Live ID email addresses, you enter them and wait for Xbox.com to tell you whether or not they exist as a Gamertag username – yes, Xbox.com actually tells you that. How thoughtful!
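The two gaps described above map to two server-side controls: count failed attempts per account on the server so a script cannot dodge the CAPTCHA threshold, and answer identically whether or not the address exists. The following Python is an added example, not code from Microsoft or Xbox.com; `LoginGate`, the three-failure threshold, the 15-minute window and the message text are all assumptions.

```python
import hashlib, hmac, os, time

CAPTCHA_AFTER = 3   # assumed: failed attempts allowed before a CAPTCHA is required
WINDOW = 15 * 60    # assumed: seconds a failure keeps counting
GENERIC = "Sign-in failed. Check your email address and password."

class LoginGate:
    """Hypothetical login check with account-keyed throttling and uniform replies."""

    def __init__(self, clock=time.time):
        self.users = {}      # email -> (salt, password hash)
        self.failures = {}   # email -> timestamps of recent failed attempts
        self.clock = clock
        self._dummy = (os.urandom(16), os.urandom(32))  # stand-in for unknown users

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, email, password):
        salt = os.urandom(16)
        self.users[email.lower()] = (salt, self._hash(password, salt))

    def _recent_failures(self, email):
        cutoff = self.clock() - WINDOW
        recent = [t for t in self.failures.get(email, []) if t > cutoff]
        self.failures[email] = recent
        return recent

    def login(self, email, password, captcha_ok=False):
        # captcha_ok is assumed to be the result of a CAPTCHA verified elsewhere.
        email = email.lower()
        # The counter is keyed on the submitted address and lives on the server,
        # so a fresh session or dropped cookie does not reset it. Unknown
        # addresses are counted too, so the CAPTCHA prompt reveals nothing.
        if len(self._recent_failures(email)) >= CAPTCHA_AFTER and not captcha_ok:
            return {"ok": False, "captcha_required": True, "message": GENERIC}
        salt, stored = self.users.get(email, self._dummy)
        # Hash even for unknown addresses so both cases do the same work.
        match = hmac.compare_digest(self._hash(password, salt), stored)
        if match and email in self.users:
            self.failures.pop(email, None)
            return {"ok": True, "captcha_required": False, "message": "Signed in."}
        self.failures[email].append(self.clock())
        return {"ok": False, "captcha_required": False, "message": GENERIC}
```

A production version would keep the counters in shared storage with expiry and add per-source limits as well; the in-memory dictionaries here only keep the example self-contained.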

So far this is the current theory as to how Xbox Live accounts are hacked. The good news is that since this information has hit the interwebs, it appears as if Microsoft has beefed up security on Xbox.com. They’ve also issued the following statement:

“The online safety of Xbox Live members remains of the utmost importance, which is why we consistently take measures to protect Xbox Live against ever-changing threats,” the company declared.

“Security in the technology industry is an ongoing process, and with each new form of technology designed to deter attacks, the attackers try to find new ways to subvert it.

“We continue to evolve our security features and processes to ensure Xbox Live customers’ information is secure.

“Online fraud and identity theft are industry-wide problems and, as such, people using any online services should set strong passwords, not share those passwords across multiple services and refrain from sharing any personal details that could leave them vulnerable.”

Incidentally, this is the first time that Microsoft has issued a statement on the Xbox Live hacks. Whoever is overseeing this security breach should give the guys over at Sony some tips on how to keep a major security issue hush-hush.

Source: Eurogamer
