Skip to main content [aditude-amp id="stickyleaderboard" targeting='{"env":"staging","page_type":"article","post_id":702836,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"games,security,","session":"B"}']

Hack attack: Microsoft confirms bigwigs’ Xbox Live accounts compromised

Hack attack: Microsoft confirms bigwigs’ Xbox Live accounts compromised

Microsoft revealed today that a number of its Xbox Live accounts were hacked. According to the company, the hackers were able to gain access by using a number of social engineering tactics.

Video Game Fail

A number of “high profile” Xbox Live accounts belonging to Microsoft employees were hacked, according to a statement from Microsoft, who says the attackers used a number of social-engineering tactics to get access.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":702836,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"games,security,","session":"B"}']

The statement from Microsoft reads:

We are aware that a group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox Live accounts held by current and former Microsoft employees. We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use. Security is of critical importance to us and we are working every day to bring new forms of protection to our members.

This is more than a surface-level social engineering attack on Microsoft, however. Brian Krebs, a security reporter who was recently “swatted,” or pranked when someone reported a fake incident that had police at Krebs’ door, found the prankers were actually a group of hackers. The group of four, according to Krebs, was seeking revenge after he reported on a website called ssndob.ru where people were selling social security numbers. This is reportedly one of the tactics used to gain access to the Xbox Live accounts.

AI Weekly

The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.

Included with VentureBeat Insider and VentureBeat VIP memberships.

As it turns out, Krebs also connected one of the hackers from this group called TeamHype to the hacker who took down Mat Honan’s digital life in 2012. This hacker, called Phobia, may have also been behind the “swatting” prank.

Microsoft responded saying that it does not use social security number in its Xbox Live accounts, but that the hackers were effectively “daisy-chaining” by social engineering one of Microsoft’s partners (see: “affiliated companies in the statement above) and gaining enough information to bypass  Microsoft’s “security proofs” or the information it collects to make sure you are who you say you are.

hat tip Ars Technica; Video game fail image via Shutterstock

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More

Explore

None Games Security