Microsoft has confirmed security problems with the Xbox Live online service. The system is still technically sound and has not been hacked. However, programming director Larry Hryb from Xbox Live has admitted in his blog that there are social engineering problems.
Security expert Kevin Finisterre found that numerous player accounts have been compromised through classic "social engineering" tactics, such as talking Microsoft's support people into redirecting an account to another console for "Account Recovery". The Xbox group "Infamous" has published hints and tactics on their web site on how to get an account redirected without knowing the password or the right answer to the security question.
Hryb wrote that support staff received new instructions with regard to the security problems. "This situation shouldn't have happened. Our customers deserve better," Hryb wrote. Meanwhile, Microsoft in the USA has updated its support website and is asking players to contact the hotline if they are no longer able to log into their account.
Copyright note: This story was provided exclusively to TG Daily by Heise Security. You can visit Heise Security directly for more stories on security topics.