Microsoft said it has found no evidence that Xbox Live accounts have been hacked, despite at least 50 reports from gamers on the Xbox Live forum claiming hackers were stealing their accounts.
One such report came from security researcher, Kevin Finisterre, who said in an email interview that his account had been stolen last week.
"We were playing with some folks that were cheating by a known method called 'standbying' or 'bridging’, and during the game, we were told 'I am going to steal your account'," said Finisterre. "Sure enough, the next day, my Xbox said, 'We are sorry, but someone else has signed on as your gamertag, and we have to log you off’."
"Immediately after that, I was banned from Xbox live until 18/3/2007," said Finisterre. He called support, but got what he called "the runaround”. Several days later, when Finisterre was supposed to be able to again access his account, he logged in to Xbox Live again. "Boom, now we are banned until the 24th," he wrote. "When I call in, they still cannot tell me anything. My account is still under investigation and that's all I know."
Finisterre also voiced his frustration after he contacted support at Bungie, Microsoft’s game developer responsible for the Halo series, which was unable to give him a straight answer.
He blamed a group of hackers who go by ‘Infam0uS’ as responsible for at least some of the account hijacking. The group's website makes no bones about stealing Xbox Live identities; it currently lists seven, stolen for reasons that include "Talked s*** to JustCallMeFRESH" and "Stole from clan”. The link to the site was not working as we posted this story, indicating that the site may have been ordered to shut down.
Microsoft says that most cases of Xbox Live account hacking are due to social engineering.
However, after looking into the matter, Microsoft denied reports that users of Xbox Live have had their accounts hacked. On the site of ‘Major Nelson', Xbox Live’s director of programming, he says: “Despite some recent reports and speculation, I want to reassure all of our 6 million Xbox Live members that we have looked into the situation and found no evidence of any compromise of the security of the Xbox Live Network or Bungie.net.”
Nelson said that there have been a few isolated incidents where malicious users have been attempting to draw personal information from unsuspecting users and use it to gain access to their Live account.
He also reminds members of the service never to give out any personal information and gives a link to a PDF file from Microsoft on how to protect your self against identity theft.
With additional reporting by Gregg Keizer, Computerworld.