Hijack of Halo Dev's Xbox Live Account Points to Recurring Microsoft Security Failures
The hijacking was not the result of sophisticated computer wizardry, but rather "social engineering," the act of creatively lying to customer service representatives to gain unauthorized access to sensitive information. Xbox Live stores credit card information, and while hackers are unable to steal that information for their own use, they can make unauthorized purchases from a stolen account.
Tung is far from alone, as account hijackings are not uncommon among players of Bungie's online behemoth Halo 3. He is not even the only Bungie employee to be a victim of such thieves. But his position makes his case the highest profile to date.
Microsoft claims it retrained customer service employees in 2007 to deal with the issue, which suggests either that the retraining failed or that hackers are using new methods.
"People don't hack accounts by using programs and any other bullshit that you hear around [Xbox Live]," an anonymous Halo 3-playing social engineer told MTV News. "It's as simple as picking up the phone."
Bungie was unsurprisingly tight-lipped on the issue. "We can confirm that Joe's account was compromised. Representatives from Microsoft aided Joe in swiftly resolving the issue," said Bungie community manager Luke Smith.
When asked about the implications of the theft of Tung's account, Smith simply answered, "No comment."
Xbox Live is not the only online service facing scrutiny for its security practices. Earlier this year, Sony admitted that its PlayStation Network may have suffered hacker break-ins, putting PlayStation 3 and PSP owners at similar risk.
Sorry MS, you lose.