Hacked Xbox Live member says brute force attacks are possible
A slew of recent Xbox Live hackings might share a common theme, says a network infrastructure manager. Jason Coutee, who unceremoniously had his online account broken into and $100 worth of Microsoft Points pilfered, believes he’s found a possible culprit: Microsoft’s own Xbox Live web portal.
The hacking victim learned through testing that entering an invalid Windows Live ID into the site’s sign-in screen, along with a similarly wrong password, brings up the error message “That Windows Live ID doesn’t exist. Enter a different ID or get a new one.”
A valid Windows Live ID paired with an incorrect password, however, displays the following message: “The email address or password is incorrect. Please try again.” That’s Yahtzee for hackers: the differing messages confirm which IDs actually exist.
From there, they can run a script to discern the proper password, says Coutee. Circumventing the site’s built-in CAPTCHA system, which automatically pops up after eight failed sign-in attempts, is also easy. Cyber crooks need only click the “try with another Live ID” option to reset the counter to zero.
Windows Live IDs can potentially be culled from a quick Google search of active Xbox Live Gamertags, which may then lead to accompanying email addresses at social networking sites.
It’s unclear if this method was employed last October when hackers stole Xbox Live accounts to buy content for Electronic Arts’ soccer title, FIFA 2012. Several victims shared their horror stories online, including blogger Michael Kurz, whose simple request for more information regarding his stolen account was shot down by Microsoft Customer Service.
Microsoft has yet to respond to this latest round of speculation. (via AnalogHype)
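One way a sign-in handler can close both gaps described above, shown as an added example that is not Microsoft's code or part of the original article: it returns a single message for unknown IDs and wrong passwords, and counts failures per source IP as well as per ID, so switching to another ID does not reset the counter. The class name, sample account, salt, 900-second window and return values are assumptions; 8 is the CAPTCHA threshold the article reports.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

SALT = b"constructed-salt"  # sample value; a real store uses a random salt per user

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice@example.com": _hash("correct horse")}  # constructed account
DUMMY = _hash("no such account")  # compared for unknown IDs so the work is the same
GENERIC_ERROR = "The email address or password is incorrect."
MAX_FAILURES = 8   # threshold from the article
WINDOW = 900       # seconds a failure stays counted (assumed)

class LoginGuard:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = defaultdict(deque)  # ("ip" | "id", value) -> failure times

    def _recent(self, key):
        q, cutoff = self.failures[key], self.clock() - WINDOW
        while q and q[0] < cutoff:
            q.popleft()
        return len(q)

    def attempt(self, ip, login_id, password, captcha_ok=False):
        ident = login_id.strip().lower()
        keys = [("ip", ip), ("id", ident)]
        if any(self._recent(k) >= MAX_FAILURES for k in keys) and not captcha_ok:
            return "captcha_required"
        # Always hash and compare, whether or not the ID exists.
        digest_ok = hmac.compare_digest(USERS.get(ident, DUMMY), _hash(password))
        if digest_ok and ident in USERS:
            self.failures.pop(("id", ident), None)  # IP counter is left untouched
            return "ok"
        now = self.clock()
        for k in keys:
            self.failures[k].append(now)
        return GENERIC_ERROR
```

Failures against IDs that do not exist are counted exactly like failures against real ones, so the point at which the CAPTCHA appears reveals nothing about which IDs are valid.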
There are 2 comments
- MyCE Resident
- Posted on: 15 Jan 12 17:51
- Mr. Belvedere
- MyCE Resident
- Posted on: 16 Jan 12 10:10
|Cyber crooks need only click the “try with another Live ID” option to reset the counter to zero.|
They can of course build in IP checking amongst other stuff like timers for the same account.