Several users have complained that their Xbox Live user IDs have been taken over while they are playing, finding that they were unable to log into their accounts at a later point.
"Some folks are having their Microsoft points stolen and or points purchased via their stolen gamer tag," noted security researcher Kevin Finisterre on Monday in a posting to the Full Disclosure security mailing list.
Microsoft refers to Xbox Live user IDs as gamer tags.
The "infamous" online gaming clan even lists accounts that is has stolen, accompanied by the reason why, Finisterre found. An account by the name of "BxR RaMpAgE" was allegedly stolen because the previous owner " Talked Shit to JuStCaLLMeFRESH".
One user on the Xbox forum claimed to have lost five accounts to the clan.
Microsoft's helpdesk agent acknowledged the issues to Finisterre but blamed his problems to Bungie, the Microsoft owned developer of Halo and Halo 2. Finisterre has posted a recording of the conversation on his website.
Numerous users have suggested that Microsoft or Bungie has been hacked.
A Microsoft spokesperson categorically denied that the service Bungie.net has been compromised.
"Bungie.net has not been hacked and Xbox LIVE accounts have not been stolen. Any reports stating that are false. Xbox LIVE has strict policies against hacking and will penalize any individual who attempts to do so," the company said in a statement to vnunet.com.
The Xbox Live service allows gamers to connect to the internet and play online. It also provides access to the Xbox Live Marketplace where users can purchase digital goods such as armor and weapons for use within games, or expansions to existing games such as additional maps. Purchases are charged with so-called Live Points.
Microsoft sells a credit of 4,000 points for $50. Gamers also can link their credit card to their Xbox Live accounts to allow for purchases to be made from within the gaming console.
Microsoft Points also are the currency of choice for the company's Zune Marketplace, an online media store, where a single song goes for 79 points. The digital currency however can't be converted back into real currencies.
Finisterre is currently collecting reports about stolen Xbox Live accounts in an attempt to force Microsoft to take action.
"I would certainly say that Microsoft staff is more than negligent in dealing with this issue especially with regard to the potential theft of personal information."
Xbox Live fraud on the rise
By Tom Sanders on Mar 21, 2007 8:40PM