Information Communication Technology : Microsoft confirms compromise of “high-profile” Xbox Live accounts

Wednesday, March 20, 2013

Microsoft confirms compromise of “high-profile” Xbox Live accounts

Hackers that took over Xbox Live accounts likely behind DoS attack on Ars.

by Dan Goodin

BLACK HAT

CONSOLE GAMING

Attackers are using fraudulently obtained information to take over high-profile Xbox Live accounts held by current and former Microsoft employees, company officials said.

"We are aware that a group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox LIVE accounts held by current and former Microsoft employees," Microsoft officials said in a statement sent to Ars. "We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use."

The disclosure comes two days after security reporter Brian Krebs linked one of the people who may have prompted a raid on his home by armed police to a four-man team that uses illicitly obtained credit information to hijack Xbox Live accounts. According to Krebs, the same person who took credit online for the swatting attack also ordered a denial-of-service attack on his website. Records unearthed by Krebs found that the same Gmail address used to order that hit also ordered a DoS on Ars Technica.

Krebs called the 20-year-old member of "Team Hype" after watching videos the hacking crew had posted showing them hijacking Xbox Live accounts in progress. The videos showed the members using desktop screen-grabbing software and even showed conversations with other members in instant message windows in the background. An anonymous source told Krebs that the group uses fraudulently obtained Social Security Numbers from the site ssndob.ru to gain control of Xbox Live accounts. Some of the members then sell the accounts to other Xbox Live Players. Krebs has much more on the technique here.

Microsoft's confirmation of the Xbox Live account compromise came the same day as a report that the Xbox Entertainment website briefly displayed the names, gamertags and addresses of nearly 3,000 users who had voted on the site. The data was visible for only a short time, and no passwords were compromised, the unnamed person told mvcuk.com.

On Wednesday, Microsoft issued a statement that read:

Data security for all Xbox 360 owners is of the utmost importance to Microsoft. Upon learning on 19 March 2013 that a number of UK Xbox LIVE subscribers have inadvertently had a limited amount of personal data disclosed online because of an error with our Xbox Entertainment Award voting app, Microsoft took immediate steps to remove the Application from its UK Facebook page.

We are working closely with affected Xbox Entertainment Awards voters who have been in touch with us to ensure that their Xbox LIVE accounts have not been compromised and will restore the Xbox Entertainment Award voting app to our Facebook page once the issue is resolved.
Xbox LIVE customers who have any concerns should visit www.xbox.com/security for information on account security.