Unauthorized XBL account access may be coming from Xbox.com

By Stephany Nunneley, Friday, 13 January 2012 16:33 GMT

It looks as though the Xbox.com website may be the source of the recent wave of compromised Xbox Live accounts, according to a report on Eurogamer.

Speaking with a source by the name of Jason and looking over the website AnalogHype, Eurogamer found the Xbox website allows for eight password attempts when logging into a Windows Live ID before CAPTCHA kicks in. This allows someone other than the account holder to run a password-generating script to gain access to the account before CAPTCHA recognizes the failed log-in attempts.

The person trying to gain access to the XBL account can simply find out the Windows Live ID by doing a Google search or by looking over a list of Gamertags which have played Xbox 360 games online.

Once a user name is chosen, a search for the account holder’s email addresses is conducted, and then the culprit goes through a trial-and-error process of trying to log into the account using the Windows Live ID system until successful, or gives up and moves on to the next account.

In other words, it’s not an actual hack, like with last year’s PSN debacle, but more along the lines of “brute force” unauthorized access with legitimate channels being used to gain entry into an account.
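One server-side mitigation for this kind of repeated guessing is a failure counter keyed on the account itself, so that a new session or address does not reset it. This is an added example, not code from the article, Eurogamer or Microsoft; the class name, thresholds and in-memory store are assumptions chosen for illustration.

```python
import time

CAPTCHA_AFTER = 3      # assumed; the article reports eight tries before CAPTCHA
LOCKOUT_AFTER = 5      # assumed
BASE_LOCKOUT_S = 60    # assumed first lockout, doubled per further failure
MAX_LOCKOUT_S = 3600   # assumed cap
WINDOW_S = 3600        # assumed: failures older than this stop counting


class LoginThrottle:
    """Counts failed logins per account, regardless of session, cookie or IP.

    State is held in memory for illustration; a real service would keep it
    in a store shared by every login front end.
    """

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}      # account key -> timestamps of recent failures
        self._locked_until = {}  # account key -> time the lockout ends

    @staticmethod
    def _key(account):
        # Case and whitespace variants of one address must share one counter.
        return account.strip().lower()

    def _recent(self, key):
        cutoff = self._clock() - WINDOW_S
        kept = [t for t in self._failures.get(key, []) if t > cutoff]
        self._failures[key] = kept
        return len(kept)

    def check(self, account):
        """Decide, before verifying the password: 'locked', 'captcha' or 'allow'."""
        key = self._key(account)
        if self._locked_until.get(key, 0) > self._clock():
            return "locked"
        return "captcha" if self._recent(key) >= CAPTCHA_AFTER else "allow"

    def record(self, account, success):
        """Record the outcome of a password check for this account."""
        key = self._key(account)
        if success:
            self._failures.pop(key, None)
            self._locked_until.pop(key, None)
            return
        self._failures.setdefault(key, []).append(self._clock())
        over = self._recent(key) - LOCKOUT_AFTER
        if over >= 0:
            delay = min(BASE_LOCKOUT_S * 2 ** over, MAX_LOCKOUT_S)
            self._locked_until[key] = self._clock() + delay
```

Keying on the account means an outsider can also trigger lockouts against the owner, which is why the delays here escalate and expire instead of locking the account permanently.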

AnalogHype said this particular method of accessing accounts was discovered by a network infrastructure manager, who had his own XBL account broken into and 8000 Microsoft Points charged to his card.

Eurogamer contacted Microsoft, which said it is aware of the issue, but Eurogamer is still waiting for a formal response on the matter.
