Microsoft Admits to Xbox Support Slipups

Paul Thurrott

March 25, 2007


Last week, Microsoft quickly dismissed rumors of a security problem with its Xbox Live online service, but the company came around to the truth of the matter a bit more slowly: Although the Xbox Live service is technically sound, it appears that some Microsoft Xbox support employees have been giving users' personal information to callers without properly verifying the callers' identities. Consequently, some malicious users have been able to compromise Xbox Live accounts using good, old-fashioned social-engineering schemes.

SecurityFocus, an online security forum, first brought up the possibility that Microsoft support employees were coughing up Xbox Live users' personal information. According to the Web site, malicious Xbox users have been bragging online about their ability to easily steal Xbox Live accounts.

"You call 1-800-4my-xbox, pretend to be that person, make up a story about how your little brother put in the information on the account and it was all fake," one user wrote in an online forum. "You might get one little piece of information per call, but then you keep calling and keep calling, every time getting a little bit more information . . . once you have enough information you can get the password (and) the Windows Live ID reset."

Microsoft said it's now investigating this problem and posted a statement about its efforts on Xbox Live Programming Director Larry Hryb's blog. "We are making some pretty top-to-bottom changes to reduce this type of attack," Hryb wrote. "This shouldn't have happened. Clearly, along the way here, people have not followed the policy and need to be educated with the policy."

Contrary to claims that 10 or more Xbox Live user accounts are being stolen every day, Microsoft said that only a handful of Xbox Live accounts have actually been compromised in the past month or so. Microsoft scheduled an Xbox Live service outage for Tuesday, but said that the outage has nothing to do with the account thefts.

In related news, rumors of a new high-end Xbox 360 console appear to be correct. According to reports, Microsoft will soon unveil a new $479 version of the console that includes a larger hard disk, an HDTV-compatible HDMI connector, and the IP Television (IPTV) capabilities that Microsoft first announced in January. A new version of the console has been expected for some time, and Microsoft's discussions about IPTV in January fueled rumors that a new Xbox 360 version would be released this year.

About the Author

Paul Thurrott

Paul Thurrott is senior technical analyst for Windows IT Pro. He writes the SuperSite for Windows, a weekly editorial for Windows IT Pro UPDATE, and a daily Windows news and information newsletter called WinInfo Daily UPDATE.
