Microsoft blamed for Xbox Live account thefts

By

Redmod helpdesk giving out confidential information, claims gaming clan.

Microsoft blamed for Xbox Live account thefts
Microsoft's helpdesk is the key to the recent Xbox Live account thefts, according to a gaming clan which admits to being one of the culprits.  

The InFamOuS clan said on its website that its members "steal at least 10 accounts a day". 

"Now you may be wondering how we get your information? Its easy, you call 18004myxbox, pretend to be that person, make up a story about how your little brother put in the information on the account and it was all fake, blah blah blah," the group boasts on its site.

"You might get one little piece of information per call but then you keep calling and keep calling every time getting a little bit more information every time.

"Once you have enough information you can get the Password on the windows live ID Reset, they may tell you they can't, but its bullshit. People at Bungie CAN and WILL reset your password."

Xbox Live account thieves have made similar claims on online forums in the past. The described method is known as social engineering and attempts to dupe Microsoft helpdesk employees into divulging confidential information.

The InFamOuS clan also admitted to using credit cards linked to the accounts to purchase so-called Microsoft Credits.

The issue of stolen Xbox Live accounts surfaced earlier this week when security researcher Kevin Finisterre tagged the problems on the Full Disclosure security mailing list. He reported the matter after his girlfriend's 'gamer tag' was stolen. 

Microsoft has always maintained that its systems are secure. The company concluded an internal audit on Wednesday and proclaimed that it had not found any issues.

"We have looked into the situation and found no evidence of any compromise of the security of Bungie.net or our Live network," said a company spokesperson. 

Microsoft admitted, however, that most known cases of Xbox Live account theft are the result of social engineering, where criminals dupe victims into giving up confidential data.

The vendor did not immediately respond to a request for comment on the claims made by the InFamOuS clan.

In response to Microsoft's statement, Finisterre said that Microsoft was correct in blaming social engineering, but left out that it was the firm's employees who were targeted.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
accountblamedforlivemicrosoftsecuritytheftsxbox

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?