Researchers recover credit card info from a factory reset Xbox 360
Resetting your Xbox 360 to factory settings before selling it or trading it in may not be enough to prevent your personal information from falling into the wrong hands. Researchers have determined that credit card information can be recovered from used Xbox 360 consoles despite those consoles having been reset to factory settings.
Dr. Ashley Podhradsky, Dr. Rob D’Ovidio, and Cindy Casey all study digital forensics at Drexel. Casey went out and purchased a used Xbox 360 and was able to pull an alarming amount of information off the hard drive with very simple tools.
The used Xbox purchased by the researchers was bought directly from Microsoft and had been reset to factory default settings. A basic modding tool was used to gain access to files on the hard drive. With a little bit of additional work the full credit card information previously stored on the console could be extracted. In addition to the credit card number itself, user names, user profiles, and a city could also be extracted.
Dr. Ashley Podhradsky spoke with Kotaku about the process saying,
“Microsoft does a great job of protecting their proprietary information. But they don’t do a great job of protecting the user’s data.”
Podhradsky also commented that for seasoned hackers the information may be accessed even more quickly than it could be done by the group of researchers.
“A lot of them already know how to do all this,” she said. “Anyone can freely download a lot of this software, essentially pick up a discarded game console, and have someone’s identity.”
So how can you protect yourself if you want to trade in your Xbox? Podhradsky recommends removing the hard drive from the device, attaching it to a computer, and running a utility like Darik’s Boot & Nuke to completely wipe out all the data on the drive.
“I think Microsoft has a longstanding pattern of this,” Podhradsky said. “When you go and reformat your computer, like a Windows system, it tells you that all of your data will be erased. In actuality that’s not accurate—the data is still available… so when Microsoft tells you that you’re resetting something, it’s not accurate.”
Between this and the ridiculous Sony PlayStation Network hacks that happened last year I am hesitant to link a credit card to any of my game consoles. I would rather just go out and purchase prepaid points cards for everything. Have any of you traded in an Xbox 360? Are you concerned about your credit card information being pulled off the device?
There are 0 comments
Most popular headlines
- Wed 4 Dec 02:12 by DoMiN8ToR
A leaked roadmap from Intel provides more information on Intel's Fultondale and Pleasantdale SSDs and reveals the codename of a SSD series, the Temple
- Wed 4 Dec 05:12 by Kerry56
The USB 3.0 Promoter Group announced today that the development of a new type of USB connector has begun. It is called USB Type-C, and will be b
- Mon 2 Dec 06:12 by DoMiN8ToR
Windows 8 market share dropped from 7.49% to 6.66% this month, Windows 8.1 market share increased from 1.72% to 2.64%. Combined both Windows 8 version
- Mon 2 Dec 05:12 by DoMiN8ToR
An official statement from an OCZ employee learns us the company will honor product warranties. Last week OCZ announced it would file for bankruptcy a
- Tue 3 Dec 03:12 by DoMiN8ToR
Toshiba Electronics Europe today announced it has launched a new enterprise SSD line-up. The PX03SNx series is available with capacities of 200GB (PX0