Gameranx

Video Game News, Lists & Guides

Microsoft: Xbox.com Hacking Loophole Isn’t a Problem

by

Denying any fault, the company has claimed that the vulnerability is an "industry wide issue."

Microsoft has once again denied that Xbox Live's security has been threatened, despite new allegations that hub site Xbox.com has a flaw that makes it especially vulnerable to brute force attacks.

While we've been hearing reports of hijacked accounts for months now, last week brought renewed interest in the rash of hackings as network infrastructure manager Jason Coutee offered a possible explanation. According to Coutee, the Xbox.com login page features a security flaw that makes it very simple to run a "brute force" hacking attempt — repeatedly attempting to log in to an account by guessing the password. While the site does throw up a captcha after after multiple failures, clicking a single link on the page will remove that requirement and allow potential hackers to begin again fresh.

When he tried to warn Microsoft about the problem, Coutee says he was met with disinterest and ultimately ignored outright.

Now, Microsoft has responded to the allegations, explaining to Metro why they didn't listen to Coutee's warning.

"For security reasons, we do not publicly discuss the architecture of the Xbox Live system or account security," the rep explained. "We direct concerned customers to the forums where we monitor for topics such as security concerns. Security in the technology industry is an ever-changing process. With each new form of technology designed to deter attacks, the attackers find new ways to subvert it. We continue to evolve our security features and processes to ensure Xbox Live customers information is secure."

And as for the loophole on the Xbox.com login page? MS claims it's a non-issue.

"This is not a 'loophole' in Xbox.com. The hacking technique outlined is an example of brute force attacks and is an industry-wide issue."

On the one hand, they're absolutely right. Brute-force hacking attempts are a common problem, and Xbox.com is far from unique in that regard. On the other, it's entirely possible (and good security practice) to implement a timed lockout on a per-account basis, rather than offering an infinite number of attempts with captcha.

Despite the public denials, Microsoft could certainly be doing more to protect its customers, and I wouldn't be surprised if they quietly update Xbox.com to close the security holes in the coming weeks.

Recent Videos

10 Things That Got WORSE Last Year

10 Things That Got WORSE Last Year
20 Best Racing Games That TRULY Test Your Patience

20 Best Racing Games That TRULY Test Your Patience
10 Secret Levels in Games You WEREN'T MEANT TO FIND

10 Secret Levels in Games You WEREN'T MEANT TO FIND
Top 10 NEW Games of 2026 [First Half]

Top 10 NEW Games of 2026 [First Half]
10 WEIRD Gaming Stories of December 2025

10 WEIRD Gaming Stories of December 2025
7 Elaborate Easter Eggs That Took INSANE EFFORT

7 Elaborate Easter Eggs That Took INSANE EFFORT
10 Most UNDERRATED Games of 2025

10 Most UNDERRATED Games of 2025
BEST GAMES OF 2025

BEST GAMES OF 2025
10 Game of The Year Games That AGED LIKE MILK

10 Game of The Year Games That AGED LIKE MILK
Category: