Xbox Live accounts hacked
Allegedly, the hackers who targeted Krebs did so because he helped to
reveal the method by which they have been compromising the accounts of
"Microsoft employees who work on the Xbox Live gaming platform," Krebs
writes .
The method apparently involves acquiring and then utilizing the
employees' social security numbers along with some social engineering to
obtain access to those accounts. "Attackers are targeting high-profile
Microsoft employees by social engineering other companies."
In a statement given to The Verge, Microsoft confirmed that "a handful
of high-profile Xbox LIVE accounts held by current and former Microsoft
employees" have in fact been compromised. However, Microsoft denies that
it in any way collects or utilizes SSNs in conjunction with Xbox Live
accounts.
We are aware that a group of attackers are using several stringed social
engineering techniques to compromise the accounts of a handful of
high-profile Xbox LIVE accounts held by current and former Microsoft
employees.
Microsoft does not collect or use Social Security numbers in its services, including Xbox LIVE Gamertags or Microsoft accounts.
Attackers are targeting high-profile Microsoft employees by social
engineering other companies that do use this data to intercept security
proofs from Microsoft to compromise the accounts.
For its part, Microsoft is directing Xbox Live users to its standard
security recommendations at xbox.com/security . However, for now the
strongest line of defense offered there appears to be those self-same "
security proofs ," at least one of which was compromised thanks to a
third party.
No comments: