"Despite some recent reports and speculation, I want to reassure all of our six million Xbox Live members that we have looked into the situation and found no evidence of any compromise of the security of the Xbox Live Network or Bungie.net," Xbox Live's Director of Programming Larry Hyrb wrote on his blog.
Hyrb said the reported thefts of personal information are a result of users giving it away, not through the social engineering technique of pretexting, as some users have suggested in community forums.
"There have been a few isolated incidents where malicious users have been attempting to draw personal information from unsuspecting users and use it to gain access to their LIVE account," he said. "This is a good time to remind our members that they should never give out any of their personal information."
But security researcher Kevin Finisterre, the man responsible for January's Month of Apple bugs, said Microsoft is unfairly shifting the blame on users. He said that Microsoft account representatives with whom he spoke reported that this was a problem they had recently encountered on a more frequent basis.
"I had one of them tell me that they had three different people complain about this on that day," he told SCMagazine.com.
Through additional online research, he also found about 60 similiar complaints, in addition to an illicit website, now disabled, that was supposedly run by "Clan Infamous," a group of individuals who claimed they had found a way to steal accounts.
Finisterre said he also made a recording with a Microsoft customer service representative who gave Finisterre personal information about an individual he didn’t know.
Microsoft denies claims of Xbox Live hacks
By Ericka Chickowski on Mar 26, 2007 12:18AM