Hackers Can Pull Credit Card Info From Old Xbox 360s [UPDATE: Microsoft Responds]

Published 2 years ago, updated March 30th, 2012 at 11:06 am


Things haven’t been easy for Xbox 360 owners this year, especially after a string of stolen accounts left many without their games for weeks. Brace for more bad news: apparently, hackers can extract credit card information from old 360 hard drives.

The hack was discovered by researchers at Drexel University, who used a variety of mod tools to pull credit card info from refurbished 360s. The tools they used are said to be common, making it relatively simple to extract sensitive information.

What’s most shocking is that this can even be done on systems that have been reformatted to factory settings. Even though one assumes all of their data is wiped when they reformat the system, it seems some of it is still left on the hard drive.

“A lot of them [hackers] already know how to do all this […] Anyone can freely download a lot of this software, essentially pick up a discarded game console, and have someone’s identity.”

The ease of use certainly makes this story all the more frightening, especially for those who trade in their consoles. With so many used 360s out there, who knows how many people’s information is at stake?

Ashley Podhradsky, one of the researchers at Drexel, suggests hooking up your 360 hard drive to your PC in order to reformat it, as there’s plenty of software out there that will get the job done.

The development is quite shocking, as it means just about every time someone trades in or sells an Xbox 360, they’re running the risk of having their credit card or personal information stolen. What reason would Microsoft have for keeping this data on the hard drive even after a factory reset?

I’ll be picking up a new 360 in a few days and was considering selling my old one, but after this incident that is definitely not an option. Let’s hope Microsoft addresses the issue soon, instead of taking so long to respond like with the stolen accounts.

[UPDATE] Microsoft has responded to the issue, stating (to Joystiq) that what the researchers claim is not possible. That being said, they are trying to get a hold of the console in question in order to replicate the researchers’ actions.

“We are conducting a thorough investigation into the researchers’ claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers’ claims.

Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously.”

We’d still recommend not trading in your Xbox 360s until further information is revealed, but at least we can all breathe a sigh of relief.

Follow me on Twitter @AnthonyMole

Source: Kotaku, Joystiq

TAGS: Microsoft, Xbox Live


Post a Comment

  1. You could give your old system to me! I promise I’m not a hacker nor do I care to steal your info :)

  2. I gave up on Xbox not too long ago. No need to have 2 consoles, had to make a decision. PS3 exclusives and free online is a win win for me.

    • agree :D

  3. He LIES!!

  4. PS3 went through this already and actually had hackers get cc info didn’t they?

    • That was a hack against the online network, this is an alleged security weakness in the console itself. Sony gave out a year of identity theft protection but they didn’t think CC info was ever accessed when it was hacked. As far as I know, nobody ever got their card stolen or anything

  5. Any IT guy knows how easy it is to recover old formatted partitions. The only way to guarantee a hard-drive has no data on it is to format then write over all the used space several times. That’s why “better” formatting techniques take longer; the program is writing gibberish over the previously used space then formatting that in layers basically.

    This is nothing new, the researcher just hooked up an Xbox hard-drive (which is literally the same as a PC hard-drive; hard-drives are hard-drives) that had been low-level formatted to a PC and used some freeware partition recovery software. There are thousands of programs that do this.

    Low-level formatting or “quick” formatting will not erase about 90% of the partition if the drive is 4gb>.
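
As an added illustration of the point raised in the article and the comments, that a reset which rewrites only metadata leaves the old contents in place while a full overwrite does not, the following Python example verifies a wipe on a constructed in-memory image. It is not part of the original article or any comment, and it is not the researchers' tooling; the image layout, the canary string and all function names are assumptions made for the example.

```python
import os

SECTOR = 512
CANARY = b"CONSTRUCTED-ACCOUNT-RECORD-0001"  # constructed sample, not real data


def build_image(sectors=2048, canary=CANARY):
    """Constructed stand-in for a drive: sector 0 plays the partition table,
    the rest is random 'user data' with one canary record in sector 1000."""
    img = bytearray(os.urandom(sectors * SECTOR))
    img[0:SECTOR] = b"TABLE".ljust(SECTOR, b"\x00")
    off = 1000 * SECTOR
    img[off:off + len(canary)] = canary
    return img


def quick_format(img):
    """Model of a metadata-only reset: only sector 0 is rewritten."""
    img[0:SECTOR] = bytes(SECTOR)


def full_overwrite(img, passes=1):
    """Overwrite every sector; the final pass writes zeros so it can be checked."""
    for p in range(passes):
        last = p == passes - 1
        for off in range(0, len(img), SECTOR):
            img[off:off + SECTOR] = bytes(SECTOR) if last else os.urandom(SECTOR)


def verify_wipe(img, canary=CANARY):
    """Return (fraction of sectors still holding non-zero bytes, canary found)."""
    zero = bytes(SECTOR)
    total = len(img) // SECTOR
    dirty = sum(1 for off in range(0, len(img), SECTOR)
                if img[off:off + SECTOR] != zero)
    return dirty / total, canary in img


def demo():
    """Compare the two resets on identical constructed images."""
    quick = build_image()
    quick_format(quick)
    wiped = build_image()
    full_overwrite(wiped)
    return verify_wipe(quick), verify_wipe(wiped)


if __name__ == "__main__":
    print(demo())
```

The same check applies to a real drive image before resale: any non-zero sector ratio or surviving known string after a reset means the reset did not clear the data area.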
