We have been covering the news on how a number of Xbox Live users have discovered that their accounts have been taken over by hackers and used to pay for Microsoft points and other content for Microsoft's Xbox 360 console. The account users have insisted they have not been the victims of phishing or any other online scams that might have been used to obtain user names and passwords. Microsoft has also insisted that the Xbox Live service has not been the subject of a cyber attack.
Now it appears that a person has discovered a way to gain access to Xbox Live accounts that doesn't involve phishing or the direct hacking of the Xbox Live network. As it turns out, it may be a flaw in the Xbox.com web site. Eurogamer.com reports that a person named "Jason" contacted them with the claim that he had found an issue with the Xbox.com web site. The information was later given to AnalogHype by a person named Jason Coutee.
Basically, the two sites state that a person can take over an Xbox Live account by searching for Xbox Live Gamertags in search engines. A person's Windows Live ID can sometimes be discovered by these search methods. Then a person uses that Windows Live ID and a password-generating script on the Xbox.com web site. This method can also be used to find the user's password in some cases.
Eurogamer said it has contacted Microsoft about this discovery. So far it appears that Microsoft is aware of this problem but there's been no official response to this apparent loophole in their system.