If you haven’t heard about the recent attacks on Xbox Live users, then you’re either a) luckily not affected or b) not paying attention to the internet. Despite a large amount of people complaining of hacks, Microsoft says that there are no issues with Xbox Live.
Over the past few days more and more stories have begun cropping up regarding Xbox Live users being hacked. It seems that many people are finding themselves logging into their accounts to find all of their Microsoft Points drained and that their game history if full of games they’ve never even owned.
It’s still unknown what the source of these hacks are, whether it be keylogging, phishing, or something worse, but Microsoft has stated that Xbox Live is safe. So don’t try suing them, not that you could anyway.
“Microsoft can confirm that there has been no breach to the security of our Xbox Live service. The online safety of Xbox Live members remains of the utmost importance, which is why we consistently take measures to protect Xbox Live against ever-changing threats. Online fraud and identity theft are industry-wide problems, and as such people using any online services should set strong passwords, not share those passwords across multiple services and refrain from sharing any personal details that could leave them vulnerable.”
While Microsoft claims that this isn’t an issue with Xbox Live, it does seem strange that this is happening in such high occurrences. Many users are reporting that their accounts have been hacked, and there does not seem to be any parallels between stories except for the fact that Xbox Live is involved. Some have even suspected that it could be an exploit tied to Windows Live IDs. It has been suggested that hackers grab Gamer Tags from online play sessions, search those tags to find corresponding emails and then test the validity of the email through a Windows Live ID site.
While this sounds like a tedious process, it’s made even easier due to some poor security features implemented in the Live ID system. If someone enters an invalid email, a messsage will pop up saying “account is invalid,” and similarly if the password is wrong. This means that all hackers need to do is find a correct email then keep trying passwords until it works. After eight attempts Windows Live will try to make users enter a special code or try a different ID. By choosing the latter, the hackers can keep up the process until they find a match.
With some users reporting that their accounts have been hacked and then sold to other users, and some even saying that they have a unique email and password combo for Windows Live, it seems the best course of action at this point is just to beef up your password(s) and remove your payment info. That is, if you don’t mind calling Microsoft to remove your credit card info – because you can’t actually do that through Xbox.com.
Follow me on Twitter @AnthonyMole