Xbox Live has been making the news quite a bit recently, unfortunately due to a string of hackings and poor technical support. Is it possible that Xbox.com is the source of the problem?
Eurogamer was contacted by a character named Jason who claimed to know how to hack into Xbox Live accounts, shortly before this post on Analogue Hype went live from someone they can assume is the same Jason. The post gives a step-by-step walkthrough, and if any of this is true, it’s a little scary how easy it is.
According to both sources (whether or not they are the same person), the source of the breach is the official Xbox.com website. After eight password attempts at a login, the system will present you with a CAPTCHA, and all it takes is a simple script to exploit the system before CAPTCHA can save the day.
With a bit of Google-fu, you can try to find the email address associated with the Gamertag, or even just try the tag itself as a Live ID. With a combination of these methods you can apparently brute force your way into the owner's account, with all access to their banking details.
Apparently Jason is a network infrastructure manager who was hacked himself, and after being denied a refund by Live support, he decided to try and fix it himself. This is how he discovered this apparent security flaw.
There’s no confirmation that this works, and Microsoft denies this is an issue, although according to Eurogamer they are currently addressing it.
If any of this is true, it’s terrifying. This does not make me want to give Microsoft my banking details – I need that money for chocolate.