Unauthorized XBL account access may be coming from Xbox.com

Friday, 13th January 2012 16:33 GMT By Stephany Nunneley

It looks as though the Xbox.com website may be the source of the recent wave of compromised Xbox Live accounts, according to a report on Eurogamer.

Speaking with a source by the name of Jason and looking over the website AnalogHype, Eurogamer found the Xbox website allows for eight password attempts when logging into a Windows Live ID before CAPTCHA kicks in. This allows someone other than the account holder to run a password-generating script to gain access to the account before CAPTCHA recognizes the failed log-in attempts.

The person trying to gain access to the XBL account can simply find out the Windows Live ID by doing a Google search or by looking over a list of Gamertags which have played Xbox 360 games online.

Once a user name is chosen, a search for the account holder’s email addresses is conducted, and then the culprit goes through a trial and error process trying to log into the account using the Windows Live ID system until successful, or giving up and moving on to the next account.

In other words, it’s not an actual hack, like with last year’s PSN debacle, but more along the lines of “brute force” unauthorized access, with legitimate channels being used to gain entry into an account.
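A defender's view of the pattern described above, as an added example that does not come from Eurogamer, AnalogHype or Microsoft: when each account sees no more than the eight allowed failures, a per-account CAPTCHA counter never fires, but aggregating failed log-ins by source across accounts exposes the guessing. The event format, addresses, account names and the `min_accounts` cutoff are constructed assumptions.

```python
from collections import defaultdict

CAPTCHA_THRESHOLD = 8  # failed attempts allowed before CAPTCHA, per the article


def constructed_events():
    """Constructed sample data: (unix_time, source_ip, account, success)."""
    events, t = [], 1000
    guesser = "203.0.113.7"  # documentation-range address, not a real IoC
    plan = [("a@example.com", 8, False), ("b@example.com", 5, True),
            ("c@example.com", 8, False)]
    for account, failures, then_success in plan:
        for _ in range(failures):
            events.append((t, guesser, account, False))
            t += 2
        if then_success:
            events.append((t, guesser, account, True))
            t += 2
    # A legitimate user who mistypes once, then logs in to their own account.
    events.append((1001, "198.51.100.20", "d@example.com", False))
    events.append((1010, "198.51.100.20", "d@example.com", True))
    return events


def find_guessing_sources(events, min_accounts=3):
    """Flag sources whose failed log-ins span at least min_accounts accounts."""
    fails = defaultdict(lambda: defaultdict(int))  # source -> account -> failures
    hits = defaultdict(set)  # source -> accounts where a success followed failures
    for _, src, account, ok in sorted(events):
        if not ok:
            fails[src][account] += 1
        elif fails[src].get(account, 0) > 0:
            hits[src].add(account)
    report = {}
    for src, per_account in fails.items():
        if len(per_account) < min_accounts:
            continue  # one user fumbling their own password is not a sweep
        report[src] = {
            "accounts_targeted": len(per_account),
            "total_failures": sum(per_account.values()),
            # True means no single account ever exceeded the CAPTCHA allowance
            "stayed_under_captcha": max(per_account.values()) <= CAPTCHA_THRESHOLD,
            "likely_compromised": sorted(hits[src]),
        }
    return report


if __name__ == "__main__":
    for source, finding in find_guessing_sources(constructed_events()).items():
        print(source, finding)
```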

AnalogHype said this particular method of accessing accounts was discovered by a network infrastructure manager, who had his own XBL account broken into and 8000 Microsoft Points charged to his card.

Eurogamer contacted Microsoft, which said it is aware of the issue, but Eurogamer is still waiting for a formal response on the matter.

4 Comments

  1. Ireland Michael

    It’s just generic password guessing software. People use this stuff all the time. They’re not going to be able to do that from the console.

    #1 3 years ago
  2. deathgaze

    That’s likely why we have only seen a limited number of these types of break-ins.

    #2 3 years ago
  3. Kabby

    The irony here amuses me.

    #3 3 years ago
  4. fearmonkey

    So, all these people getting hacked with FIFA is due to this?
    A friend got hacked, he had a strong password, had an email account that was different from his login name, works in IT and knows how not to get phished, was not infected with malware, etc.
    He logs into his account, his points are gone, points had been purchased, and his account had 2 FIFA achievements on it. MS said they were locking the account but he was able to log into it multiple times after it was supposedly locked…..

    #4 3 years ago
