Has the Xbox Live account exploit issue been discovered?

[nsane.forums]

A person may have discovered how a large number of Xbox Live accounts may have been recently breached by hackers, using a brute force method on the Xbox.com web site.

We have been covering the news on how a number of Xbox Live users have discovered that their accounts have been taken over by hackers and used to pay for Microsoft points and other content for Microsoft's Xbox 360 console. The account users have insisted they have not been the victims of any phishing or any other online scams that might have been used to obtain user name and passwords. Microsoft has also insisted that the Xbox Live service has not been the subject of a cyber attack.

Now it appears that a person has discovered a way to gain access to Xbox Live accounts that doesn't involve phishing or the direct hacking of the Xbox Live network. As it turns out, it may be a flaw in the Xbox.com web site. Eurogamer.com reports that a person named "Jason" contacted them with the claim that he had found an issue with the Xbox.com web site. The information was later given to AnalogHype by a person named Jason Coutee.

Basically, the two sites state that a person can take over an Xbox Live account by searching for Xbox Live Gamertags in search engines. A person's Windows Live ID can sometimes be discovered by these search methods. Then a person users that Windows Live ID and a password-generating script on the Xbox.com web site. This method can also be used to find the user's password in some cases.

Eurogamer said it has contacted Microsoft about this discovery. So far it appears that Microsoft is aware of this problem but there's been no official response to this apparent loophole in their system.

View: Original Article

[nsane.forums]

Microsoft responds to Xbox.com password claim

Microsoft has responded to a report earlier this week that claimed Xbox Live account passwords can be found via a scripted brute force method on the Xbox.com web site.

Earlier this week, a person who found that his Xbox Live account was taken over by hackers claimed to have discovered a way to use a scripted brute force technique to acquired Xbox Live passwords on Microsoft's Xbox.com web site. Now IGN.com reports that Microsoft has offered a response to that claim.

Microsoft's specific response is, "This is not a 'loophole' in Xbox.com. The hacking technique outlined is an example of brute force attacks and is an industry-wide issue." The response also included Microsoft's standard response for cases of people who have had their Xbox Live account highjacked, saying, "Microsoft can confirm that there has been no breach to the security of our Xbox Live service."

The fact remains that there are quite a few people who have gone public with their issues with Xbox Live accounts being taken over by outsiders. Microsoft continues to insists that those accounts might have been stolen via phishing scams or some kind of malware. The account holders also insist that they have not encountered any sort of phishing schemes nor have they detected any kind of malware programs.

Clearly there remains a disconnect between these two viewpoints and it seems like Microsoft is doing little to try to bridge this gap other than to say it is not the company's fault. However, the problem appears to be getting worse and worse. It's not clear if there will be any sort of breakthrough with this issue in the future.

View: Original Article