To mark Safer Internet Day, Xbox Live general manager Alex Garden has urged members to secure their online identities – but denied Xbox Live itself has any security holes.
In a statement posted to Major Nelson’s blog, Garden responded to an ongoing spate of high-profile Xbox Live account compromises.
“While we here at Xbox have no evidence of a security breach in the Xbox LIVE service, that is of little comfort to our members whose accounts have been compromised by malicious and illegal attacks,” he said.
Social engineering, phishing, malware, and duplicate passwords on less secure services were listed as the primary causes of compromised accounts. Despite this denial of responsibility, Garden said Microsoft will “continue to take aggressive steps to help protect you against ever-changing threats” and “care[s] deeply”.
“Our work will never end. With every measure we put in place, ill-intentioned people will create new ways to attack online services,” he said.
Microsoft’s reputation has been tarred recently thanks to widespread reports of users who have been unable to recover compromised accounts, but Garden said most cases are resolved quickly.
“Recovering compromised accounts – in a timely manner – is also a priority and an area where we’ve made, and will continue to make, improvements. We have invested more resources in our account recovery process and as a result, for most new fraud cases we are now able to investigate and return accounts within three days,” he claimed.
“For users who have added strong proofs to their accounts, this may be as fast as 24 hours. We still have a few cases that are taking longer to fully recover and some refunds are still being processed, but we’re making great strides. We hope our customers are experiencing the improvements firsthand.”
Garden pointed members to a dedicated security information page with details on how to help secure Xbox Live accounts, and urged users to take steps like using single-use codes and regularly changing passwords.
“I realize it may fall flat when we don’t share specific details of our security architecture,” he admitted, before outlining some of the ways Microsoft does attempt to protect users – like CAPTCHA and account lockouts.
“Microsoft continues to investigate cyber-criminals and bot nets, and help shut them down,” he said.
“We do not take lightly the frustrations we’ve heard from our loyal Xbox LIVE members and remain committed to addressing and persistently resolving our customers’ individual and collective concerns. For now, if you have a problem we haven’t yet resolved, please email me,” he added, giving his email address and reaffirming his “sincere commitment to listen and take action”.