Microsoft says it’s “unlikely credit card data” can be recovered from refurbished 360 hard drives

Friday, 30th March 2012 21:29 GMT By Stephany Nunneley

Microsoft has responded to a report inked by a research group at Drexel University claiming refurbished Xbox 360 hard drives retained the credit card information of previous owners.

Here’s the response provided to Joystiq by Microsoft’s manager of interactive entertainment business, Jim Alkove:

“We are conducting a thorough investigation into the researchers’ claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers’ claims.

“Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously.”

In other words, Microsoft said it’s not possible, but it’s still looking into the matter.



  1. Gekidami

    “In other words, Microsoft said it’s not possible [...]” Drexel University says otherwise. …I’m leaning towards the ones with the less reasons to lie about this.

    #1 3 years ago
  2. Stephany Nunneley

    Yeah, as usual, I never know who to believe. :(

    #2 3 years ago

    Then what? If we can recover data from XBox’s HDD, then hackers will buy, retrieve every single HDD on Earth to steal credit card data? Lol, damn me for this stupid things! =))

    #3 3 years ago
  4. Henry

    It seems all the researchers did was just data recovery from HDD.

    And I believe M$ really didn’t store credit card data inside HDD, or console. Because that’s unnecessary and stupid.

    Credit card data is already stored on server side. (Login to by PC, you can still use the stored credit card.) And all transaction processes happen on server side. So why store credit card data inside console to increase security risk?

    M$ didn’t firmly deny the possibilities, because it really can’t be denied 100%. Technically, player did enter their credit card data through the console. Even if the console didn’t deliberately store it, the data might be temporarily and unintentionally cached somewhere, like page file (HDD space that acts as virtual RAM). If hacker tries to recover data before these cache is overwritten by other data, it might be possible to recover ( theoretically). But this theory applies to any computer-like device, not just xbox.

    #4 3 years ago
  5. jnms

    “seems unlikely credit card data was recovered” – Microsoft

    “In other words, Microsoft said it’s not possible” – VG247


    #5 3 years ago
  6. back_up

    360 is worst console ever made

    #6 3 years ago

Comments are now closed on this article.