Microsoft Blames Itself For Xbox Hack - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Microsoft Blames Itself For Xbox Hack

Microsoft has admitted that its own support staff was pretexted, or duped with social engineering tricks, into giving hackers access to users' account information.

After first blaming unsavvy users for being duped into revealing their Xbox Live account information, Microsoft is admitting that its own support staff is at fault.

Gamers have been complaining that hackers broke into their Xbox Live accounts and made off with users' points and information. Last week, Microsoft said it was investigating reports of fraudulent activity on the Xbox Live network.

Then the company said in a blog post that after an investigation into the situation, it found no evidence of a security compromise, noting that malicious users have been attempting to draw personal information from unsuspecting users to gain access to their Live accounts.

In the latest missive from Microsoft, Larry Hryb, director of programming at Xbox Live, wrote in his blog that Xbox Live hasn't been hacked. Microsoft's support staff wasn't so lucky, though. Some of them were duped into giving out customer information to hackers who used pretexting techniques.

"A security researcher, Kevin Finisterre, discovered not a hack, but the fact that some accounts may have been compromised as a result of 'social engineering,' also known as 'pretexting,' through our support center," wrote Hryb. "Kevin gave me a call directly, and once I realized what he was talking about (he sent me some painful-to-listen-to audio files), I confirmed that the team is fully aware of this issue. They are examining the policies, and have already begun retraining the support staff and partners to help make sure we reduce this type of social engineering attack."

Hryb added, "There's no other way to say it; this situation shouldn't have happened. Our customers deserve better."

While the majority of comments under his blog post showed users' appreciation about Microsoft's fessing up to the pretexting blunder, some users said they're unhappy with Xbox support in general, and they also want their credit card information removed from the site.

"It would help if we could remove our credit card information after we've used it instead of it being stored on the system (or even the console) forever just waiting to be pretexted," wrote Joergen8 in the blog comments.

Xbox Live and are both offline for much of Tuesday for an estimated 14 hours of scheduled maintenance. Both sites are scheduled to come back online at 5 p.m. EDT.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll