This is a split board - You can return to the Split List for other boards.

Microsoft confirms 'high-profile' employees Xbox Live accounts hacked...

  • Topic Archived
You're browsing the GameFAQs Message Boards as a guest. Sign Up for free (or Log In if you already have an account) to be able to post messages, change how messages are displayed, and view media in posts.
  1. Boards
  2. Xbox 360
  3. Microsoft confirms 'high-profile' employees Xbox Live accounts hacked...

User Info: Solnot

4 years ago#1

As more of the story about the simultaneous cyber attack and real-world "Swatting" carried out against security researcher Brian Krebs comes to light, one of the significant details has the reported targeting of Microsoft employees for hacking. Allegedly, the hackers who targeted Krebs did so because he helped to reveal the method by which they have been compromising the accounts of "Microsoft employees who work on the Xbox Live gaming platform," Krebs writes. The method apparently involves acquiring and then utilizing the employees' social security numbers along with some social engineering to obtain (and apparently then sell) access to those accounts.

"Attackers are targeting high-profile Microsoft employees by social engineering other companies."

In a statement given to The Verge, Microsoft confirmed that "a handful of high-profile Xbox LIVE accounts held by current and former Microsoft employees" have in fact been compromised. However, Microsoft denies that it in any way collects or utilizes SSNs in conjunction with Xbox Live accounts. Instead, the SSNs are apparently used by a third party in some way, and it was actually information garnered from that company which allowed the hackers to gain access to Microsoft employee accounts.

We are aware that a group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox LIVE accounts held by current and former Microsoft employees. We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use. Security is of critical importance to us and we are working every day to bring new forms of protection to our members.

As you can see in Microsoft's statement above, the company is working with both "law enforcement and other affected companies" to close off the loophole this hack has uncovered. It's a "stringed social engineering technique," as Microsoft describes it, that sounds remarkably similar to the multiple steps involved in the famous hack Mat Honan suffered last year. The very same hacker, who goes by "Phobia," may have been involved in both cases.

Chaining together security loopholes from multiple companies seems to be an increasingly common tactic. It lines up with the description Krebs published about the method as well, which allegedly involved "phone companies" in some way.

Microsoft does not collect or use Social Security numbers in its services, including Xbox LIVE Gamertags or Microsoft accounts. Attackers are targeting high-profile Microsoft employees by social engineering other companies that do use this data to intercept security proofs from Microsoft to compromise the accounts.

Krebs may not have been the only person targeted recently, as Ars Technica also said it had suffered a denial-of-service attack that could be linked to Phobia. For its part, Microsoft is directing Xbox Live users to its standard security recommendations at However, for now the strongest line of defense offered there appears to be those self-same "security proofs," at least one of which was compromised thanks to a third party.

User Info: Dragon Nexus

Dragon Nexus
4 years ago#2
Social engineering =/= hacking.
Brute forcing =/= hacking.
"The problem with quotes on the internet is that you can never be sure if they're true" - Abraham Lincoln

User Info: djwagon

4 years ago#3
Dragon Nexus posted...
Social engineering =/= hacking.
Brute forcing =/= hacking.


I don’t know how much they got access to, but getting access to a credit card, address, and a few other things can do as much damage (if not more) than a SSN.

Plus, they might ruin your street cred in Halo 4.

Mar 19, 2013 | 11:04 PM

lol I beat you in b4djwagon comes out of your back to the qoute i that guy really that dumb.ssn theft is way worst then credit card thief
when I was here before I went by the screen name IMPORTER1..

User Info: dark_shard

4 years ago#4
If I'm reading this correctly, they just got access to the employees' Xbox LIVE accounts. Why would this be a security concern to anyone BUT those having their accounts stolen? - Games and Beer
GT: darkshardx

User Info: velvet_hammer

4 years ago#5
Sony is the only company ever to be hacked stop with the lies TC
"F*** weed, I'm smoking Bob Marley's ashes."
  1. Boards
  2. Xbox 360
  3. Microsoft confirms 'high-profile' employees Xbox Live accounts hacked...

Report Message

Terms of Use Violations:

Etiquette Issues:

Notes (optional; required for "Other"):
Add user to Ignore List after reporting

Topic Sticky

You are not allowed to request a sticky.

  • Topic Archived