A team of researchers at Drexel University have discovered a flaw in Microsoft's handling of Xbox 360 data that lets hackers, using common tools, get to your credit card details – even if you use the console's formatting tools. In a phone conversation with Kotaku, researcher Ashley Podhradsky said that Microsoft were doing customers a disservice by not doing a better job protecting their personal data.
This isn't just theory, either. The researchers purchased a refurbished 360 through an authorized Microsoft retailer, then used cracking tools to access secret files. With a little time, they managed to access the credit card details of the console's original owner.
"A lot of [seasoned hackers] already know how to do all this," she said. "Anyone can freely download a lot of this software, essentially pick up a discarded game console, and have someone's identity." She said the only way to be 100% sure of your details being kept safe when trading in a console is to hook your hard drive up to a PC and use a dedicated tool to get rid of everything.
"I think Microsoft has a longstanding pattern of this," Podhradsky said. "When you go and reformat your computer, like a Windows system, it tells you that all of your data will be erased. In actuality that's not accurate—the data is still available… so when Microsoft tells you that you're resetting something, it's not accurate.
"There's a lot more that needs to be done."
UPDATE: Microsoft have responded to the claims laid out in the research and in the Kotaku interview. You can read their statement here.