Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to del.icio.us  
Microsoft: Xbox Live 'issues' not our fault
Published: 2007-03-22

Following numerous reports of vandals stealing accounts on Microsoft's Xbox Live gaming network, the software giant released a statement on Wednesday night saying its network has not been compromised and any stolen accounts are likely due to users' unwisely giving away personal information.

The statement followed reports that members of Microsoft's Xbox Live network had had their accounts stolen, especially after playing certain online games, such as Halo 2. In a report published on Wednesday, SecurityFocus discovered statements online by self-confessed account thieves that indicated that Microsoft's support staff had been socially engineered by the vandals--also known as pretexting--in order to gain control of other Xbox Live members' accounts.

In its statement, Microsoft did not specifically address the pretexting issue. The full statement, sent to SecurityFocus late Wednesday night, follows:

Despite some recent reports and speculation, we want to reassure all of our 6 million Xbox Live members that we have looked into the situation and found no evidence of any compromise of the security of Bungie.net or our LIVE network. There have been a few isolated incidents where malicious users have been attempting to draw personal information from unsuspecting users and use it to gain access to their LIVE account. We think this is a good time to remind our members that they should never give out any of their personal information.

  • To our knowledge, there has been no compromise of the Xbox LIVE network.
  • To our knowledge, no credit card or other personal information was exposed.
  • We are always evaluating our security policies and procedures. In order to help protect their Xbox LIVE Accounts, customers should follow the guidelines outlined in the Xbox LIVE code of conduct on Xbox.com (http://www.xbox.com/en-US/legal/codeofconduct.htm). Specifically: "Don't give out information that personally identifies you (such as your real name, address, phone number, credit card number, etc.) while you're playing. This includes voice chat and the names you create for your gamertag or mottos. This information could be used by other players for illegal or harmful purposes. Also, don't give out the personal information of other players."

A shorter version of the statement--attributed to "Major Nelson," the XBox Live gamertag of Larry Hryb, Microsoft's Xbox Live Director of Programming--can be found on his blog.



Posted by: Robert Lemos
    Digg this story   Add to del.icio.us  
 
Comments Mode:
Denial... 2007-03-25
Anonymous







 

Privacy Statement
Copyright 2009, SecurityFocus