Yesterday we told you how it was likely that the alarming, unabated increase in Xbox Live account hijackings was the result of a wave of brute force attacks. Many users are reporting that their accounts are being used to purchase all manner of subscriptions and points, which are then sold off on dodgy Chinese websites for a fraction of their retail value.
Microsoft has come out in defence of its security measures, reassuring users that its service has not been compromised.
“This is not a ‘loophole’ in Xbox.com,” it said in a statement issued to Metro. “The hacking technique outlined is an example of brute force attacks and is an industry-wide issue.
“Microsoft can confirm that there has been no breach to the security of our Xbox Live service. The online safety of Xbox Live members remains of the utmost importance, which is why we consistently take measures to protect Xbox Live against ever-changing threats.”
“Security in the technology industry is an ongoing process,” the company added, “and with each new form of technology designed to deter attacks, the attackers try to find new ways to subvert it. We continue to evolve our security features and processes to ensure Xbox Live customers’ information is secure.”
“Online fraud and identity theft are industry-wide problems, and as such people using any online services should set strong passwords, not share those passwords across multiple services and refrain from sharing any personal details that could leave them vulnerable.”
Microsoft’s also set up an online guide to ensuring that your account isn’t compromised, which you can find here. That said, security on Xbox accounts is an issue, and Microsoft needs to take a more proactive stance on the matter. Something needs to be done, even if it is only temporarily locking an account after a set number of failed login attempts. As it stands right now, all that happens after 8 unsuccessful attempts is being directed to a CAPTCHA – something a dedicated group of thieves has no problem with, especially considering there’s profit to be made.
Unfortunately, if they do beef up security measures, it’ll mean more hoops for the end user to jump through, hampering the online experience; once again a case of hackers making life difficult for paying customers. My own recommendation? Keep your credit card details the hell away from Xbox Live and rather rely on the pre-paid points and subscriptions offered by places like Evopoints and Cheapcodes.
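The temporary lock suggested above can sit on top of the existing CAPTCHA step. The sketch below is an added example, not Microsoft's implementation: only the CAPTCHA-after-8 threshold comes from this article, while the lock threshold, the time window, the lock durations and all names are assumptions.

```python
from collections import defaultdict, deque

CAPTCHA_AFTER = 8        # from the article: CAPTCHA appears after 8 failures
LOCK_AFTER = 12          # assumed threshold for a temporary lock
WINDOW = 15 * 60         # assumed: only failures in the last 15 minutes count
BASE_LOCK = 5 * 60       # assumed first lock duration; doubles on each repeat
MAX_LOCK = 24 * 60 * 60  # assumed cap on lock duration


class LoginThrottle:
    """Per-account failed-login tracking with CAPTCHA and temporary lock."""

    def __init__(self):
        self.failures = defaultdict(deque)   # account -> failure timestamps
        self.locked_until = {}               # account -> unlock time
        self.lock_count = defaultdict(int)   # account -> locks issued so far

    def state(self, account, now):
        """Return 'locked', 'captcha' or 'allow' for the next attempt."""
        if self.locked_until.get(account, 0) > now:
            return "locked"
        recent = self.failures[account]
        while recent and recent[0] <= now - WINDOW:
            recent.popleft()                 # forget failures outside window
        return "captcha" if len(recent) >= CAPTCHA_AFTER else "allow"

    def record_failure(self, account, now):
        """Count a failed attempt; lock the account once LOCK_AFTER is hit."""
        if self.state(account, now) == "locked":
            return "locked"                  # attempts during a lock are refused
        self.failures[account].append(now)
        if len(self.failures[account]) >= LOCK_AFTER:
            duration = min(BASE_LOCK * 2 ** self.lock_count[account], MAX_LOCK)
            self.lock_count[account] += 1
            self.locked_until[account] = now + duration
            self.failures[account].clear()
            return "locked"
        return self.state(account, now)

    def record_success(self, account):
        """A correct login clears the failure history and lock escalation."""
        self.failures.pop(account, None)
        self.lock_count.pop(account, None)
```

Because the lock expires on its own and only escalates on repeat offences, an attacker hammering an account cannot shut the real owner out indefinitely, while each further round of guessing costs more time.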
Last Updated: January 17, 2012