Over the past few days more and more stories have begun cropping up regarding Xbox Live users being hacked. It seems that many people are finding themselves logging into their accounts to find all of their Microsoft Points drained and that their game history if full of games they’ve never even owned.

It’s still unknown what the source of these hacks are, whether it be keylogging, phishing, or something worse, but Microsoft has stated that Xbox Live is safe. So don’t try suing them, not that you could anyway.

While Microsoft claims that this isn’t an issue with Xbox Live, it does seem strange that this is happening in such high occurrences. Many users are reporting that their accounts have been hacked, and there does not seem to be any parallels between stories except for the fact that Xbox Live is involved. Some have even suspected that it could be an exploit tied to Windows Live IDs. It has been suggested that hackers grab Gamer Tags from online play sessions, search those tags to find corresponding emails and then test the validity of the email through a Windows Live ID site.

While this sounds like a tedious process, it’s made even easier due to some poor security features implemented in the Live ID system. If someone enters an invalid email, a messsage will pop up saying “account is invalid,” and similarly if the password is wrong. This means that all hackers need to do is find a correct email then keep trying passwords until it works. After eight attempts Windows Live will try to make users enter a special code or try a different ID. By choosing the latter, the hackers can keep up the process until they find a match.

With some users reporting that their accounts have been hacked and then sold to other users, and some even saying that they have a unique email and password combo for Windows Live, it seems the best course of action at this point is just to beef up your password(s) and remove your payment info. That is, if you don’t mind calling Microsoft to remove your credit card info - because you can’t actually do that through Xbox.com.

-

Follow me on Twitter @AnthonyMole

Source: Metro