Tue, Feb 07, 2012 | 23:39 GMT

Xbox Live boss defends Microsoft’s security measures

To mark Safer Internet Day, Xbox Live general manager Alex Garden has urged members to secure their online identities – but denied Xbox Live itself has any security holes.

In a statement posted to Major Nelson’s blog, Garden responded to an ongoing spate of high-profile Xbox Live account compromises.

“While we here at Xbox have no evidence of a security breach in the Xbox LIVE service, that is of little comfort to our members whose accounts have been compromised by malicious and illegal attacks,” he said.

Social engineering, phishing, malware, and duplicate passwords on less secure services were listed as the primary causes of compromised accounts. Despite this denial of responsibility, Garden said Microsoft will “continue to take aggressive steps to help protect you against ever-changing threats” and “care[s] deeply”.

“Our work will never end. With every measure we put in place, ill-intentioned people will create new ways to attack online services,” he said.

Microsoft’s reputation has been tarred recently thanks to widespread reports of users who have been unable to recover compromised accounts, but Garden said most cases are resolved quickly.

“Recovering compromised accounts – in a timely manner – is also a priority and an area where we’ve made, and will continue to make, improvements. We have invested more resources in our account recovery process and as a result, for most new fraud cases we are now able to investigate and return accounts within three days,” he claimed.

“For users who have added strong proofs to their accounts, this may be as fast as 24 hours. We still have a few cases that are taking longer to fully recover and some refunds are still being processed, but we’re making great strides. We hope our customers are experiencing the improvements firsthand.”

Garden pointed members to a dedicated security information page with details on how to help secure Xbox Live accounts, and urged users to take steps like using single-use codes and regularly changing passwords.

“I realize it may fall flat when we don’t share specific details of our security architecture,” he admitted, before outlining some of the ways Microsoft does attempt to protect users – like CAPTCHA and account lockouts.

“Microsoft continues to investigate cyber-criminals and bot nets, and help shut them down,” he said.

“We do not take lightly the frustrations we’ve heard from our loyal Xbox LIVE members and remain committed to addressing and persistently resolving our customers’ individual and collective concerns. For now, if you have a problem we haven’t yet resolved, please email me,” he added, giving his email address and reaffirming his “sincere commitment to listen and take action”.

Thanks, Gamespot.

5 comments

#1

Hcw87
08/02/12, 6:16 am

Having no maximum login attempts and no captcha (which they only added a few weeks ago) seems like a serious security hole to me. Brute forcing an account for months will get the “hackers” a lot of passwords. Still have no idea how they got hold of the Windows Live IDs though.

I got hacked the 15th of January, and had my account back within 48 hours after I reported it. Still should not have happened though, and Microsoft is responsible in a way, since it was way too easy to run Brute Force attacks on their site. They also secretly increased the security lately, adding a timeout after ~20 or so login attempts, and requiring CAPTCHA. They also should let users decide who gets to log in to their account, by country or Console ID.

#2

KrazyKraut
08/02/12, 6:33 am

“…but denied Xbox Live itself has any security holes.”

Challenge accepted.

#3

IL DUCE
08/02/12, 8:28 pm

My friend’s account got hacked on XBL and it was fixed within a day, all he had to do on his end was change his password…I don’t agree that there definitely aren’t any security holes b/c you truly never know but they definitely fix the issues in a timely manner…

And even with their security reputation being “tarred” it is nothing compared to the PSN debacle that shut the service down for a full month so…yeah…MS is fine

#4

Psychotext
08/02/12, 8:55 pm

Whilst it’s nice that they’ve now got a semi-sane recovery policy, it doesn’t really make up for everyone who got screwed over by the old one. It took them a month to fix my missus’s account and I know people that have waited over 60 days (and some who are still waiting).

#5

DSB
08/02/12, 9:30 pm

@1 Not to mention that all the accounts are interconnected.

If you have an Xbox Live ID and a Hotmail account, then that’s two critical breaches for the price of one. Even if you don’t leave critical info on Xbox Live, they can still get it if it’s in your e-mail.

I’ll definitely be doing what I should’ve done a long time ago and switch to Gmail.
