Microsoft admits to security problems with Xbox Live
Microsoft has admitted to security problems with the Xbox Live online service. The system is still technically sound and has not been hacked. However programming director Larry Hryb from Xbox Live has admitted in his blog that there are social engineering problems. Security expert Kevin Finisterre found that numerous player accounts have been compromised. Aparently this was done using classic "social engineering" tactics such as talking Microsoft's support people into redirecting an account to another console for "Account Recovery". The Xbox clan "Infamous" have published hints and tactics on their web site how to get an account redirected without knowing the password or the right answer to the security question.
Hryb has already given support staff new instructions with regard to the security problems. Hryb apologised by saying, "This situation shouldn't have happened. Our customers deserve better." Meanwhile Microsoft in the USA has updated its support website and is asking players to contact the hotline if they are no longer able to log into their account.