Well, I say hacked; in reality I mean social engineered. It turns out that some high-profile Microsoft employees have had their accounts taken over by a nefarious few, who used the employees’ social security numbers and other services’ customer support to gain access.
Microsoft has been keen to point out that it in no way uses customers’ Social Security Numbers to secure its Xbox accounts. Instead, it is a third party that links the two together, and it’s from there that hackers were able to compromise the Microsoft accounts. Microsoft has confirmed that it’s working on retrieving them, however: “We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use. Security is of critical importance to us and we are working every day to bring new forms of protection to our members.”
Unfortunately we don’t know as of yet who the “affected companies” are, but they are presumably Microsoft partners and those that have access to a gamer’s Xbox Live account. Perhaps some sort of app makers?
This social engineering technique is becoming more commonplace as more services are linked with each other, though it’s not always gaming related. We recently saw a big Bitcoin hack take place where several thousand dollars’ worth of the currency was pilfered. This was accomplished through social engineering and tricking support staff.
KitGuru Says: While I don’t know much about the security of Microsoft’s partners, I do know there are some companies that really need to improve their phone security. I’ve changed major details on my accounts with some companies by only giving them my name and address – hardly difficult-to-find information.