Microsoft Investigating Major Xbox Security Flaw

Dennis Faas's picture

It appears that Microsoft and its users may be experiencing a security problem potentially as dangerous and devastating as the 2010 debacle that hit Playstation owners.

Back then, innocent purchasers of PlayStations were hit by one of the most stunning security invasions in recent memory. Millions saw their supposedly-secure account information leaked, including credit card data.

The problem ran so deep that Sony felt compelled to offer substantial compensation packages.

The current problem may prove just as significant, unless Microsoft changes how it stores sensitive customer information.

Researchers Retrieve Old Credit Card Data

According to a recent security report from researchers at Drexel and Dakota State universities, Microsoft's popular Xbox 360 video game console is vulnerable to hacking that can retrieve the credit card numbers it stores permanently on its hard drive.

The researchers were able to purchase a used / refurbished console and use a special software tool to retrieve the previous user's private information.

As much effort, the research team even learned how to acquire the past user's credit card data from the Xbox 360.

The experts who put together the report are now waving their fingers at Microsoft, chiding the software giant for not taking better care of its users' personal financial information.

"Microsoft does a great job of protecting their proprietary information, but they don't do a great job of protecting the user's data," said Ashley Podhradsky, one of the researchers who contributed to the report. (Source:

Microsoft Reacts With Doubt, But Reluctant to Investigate

To some experts, it appears Microsoft has been sitting on its hands instead of address this problem. The researchers say they warned Microsoft about the problem last year, but the company simply dismissed their claims as doubtful.

Not until the Drexel and Dakota State report hit the web last week did Microsoft offer any reaction to the researchers' claims.

Now Jim Alkove, Microsoft's General Manager of Security of Interactive Entertainment Business, has issued the following mini-statement:

"We are conducting a thorough investigation into the researchers' claims."

However, Alkove also indicated that Microsoft continues to believe retrieving credit card data from a console would be extremely difficult, even impossible:

"Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described," Alkove said. (Source:

On their own, the researchers recommend the use of a software sanitizer on all Xbox 360 hard drives before selling the consoles to anyone else.

Rate this article: 
No votes yet