Xbox Live Points scam costs Microsoft $1.2 million

Posted by Mike Luttrell

An online scam went viral over the weekend, allowing users to manipulate a proprietary Xbox.com website to generate free Microsoft Points.

The scam reportedly ended up doling out more than $1.2 million in digital currency in a matter of hours.

The hack originated via a forum post at a website called The Tech Game on Sunday. A very creative user who goes by the handle "Dark" found a way to generate legitimate promotional codes that could be redeemed for Xbox Live Points.

He managed to find a piece of source code that is used to create the promotional codes, and then figured out that by punching random four-number strings into a piece of the complex URL, he'd eventually come across a working code.

It's somewhat difficult to describe, but long story short, Dark posted his findings online and it wasn't long before hordes of users started jumping all over the exploitable URL in hopes of earning free points.

Each successful code was worth 160 Microsoft Points, the equivalent of $2. Some forum posters reported earning more than $100 in free points in a matter of minutes.

Microsoft reportedly became aware of the scam within hours, but by the time it took corrective action, it was too late. More than $1.2 million in legitimate Microsoft Points were issued but no one paid for them. That's not exactly a small blunder.

In the original The Tech Game thread, users expressed fear that Microsoft would track them down and ban their accounts, but given the astronomic scale of the hack, it would likely take Microsoft a huge amount of time just to figure out who took part in the deal, if it's even possible.

Microsoft has yet to issue a response to the million-dollar debacle.