| | | | | Welcome to XboxMB - Xbox Message Boards | | Home of the Ultimate Xbox 360 Modding Tool, Horizon. XboxMB.com is a community of Xbox 360 gamers and modders who share Tutorials, News, Reviews, and other resources. Xbox Message Boards is free to sign up and use, so what are you waiting for? Register Now! | | | |
| 
| 
01-13-2012
|
#1 (permalink)
| Regular Member | | Join Date: Oct 2010 Location: Next to Subwoofers
Posts: 254
Thanks: 207 | | |  Is this the hack used to exploit Xbox Live accounts?
Fraud victim appears to work it out.
Last week we asked if Xbox Live had been hacked. We used the detailed account of Xbox Live fraud victim Susan Taylor to suggest that yes, it had.
After publishing the article, Eurogamer was approached by half a dozen other readers who had experienced similar exploitation on Xbox Live.
All the while, Microsoft staunchly denied any such security breach on Xbox Live.
But now we may have discovered how those Xbox Live accounts were broken into.
Eurogamer was contacted recently by "Jason", a man who claimed to know how to hack into Xbox Live accounts. He offered us an explanation via email last night. But our efforts to validate his claims were cut short by website AnalogHype, which today posted an uncannily similar "how-to", based on information provided by a source named Jason Coutee.
The same Jason? Probably.
Coutee and Eurogamer's "Jason" point the finger at Xbox.com - the website. This allows eight password attempts at a Windows Live ID before CAPTCHA is triggered - the system that presents those squiggly words. A simple password-generating script can apparently be used to exploit this system before CAPTCHA kicks in.
The Windows Live IDs come from playing Xbox 360 games online. Gather Gamertags and Google search them in the hope you'll find related email addresses. Try these as Windows Live IDs and the Xbox.com website will let you know if they're valid - "the email address or password is incorrect" - or not - "That Windows Live ID doesn't exist."
Using these methods you can apparently brute force your way into a near-limitless supply of Xbox Live accounts and use their saved banking details to buy Microsoft Points. That's how it sounds. We haven't tested this, naturally.
Eurogamer has contacted Microsoft about this issue. Microsoft is aware of the issue and Eurogamer is waiting for a formal response.
AnalogHype says that Jason Coutee is a network infrastructure manager who had his own Xbox Live account hacked and used to fraudulently buy 8000 Microsoft Points. He called Xbox Support, who offered to freeze his account but couldn't refund him. He declined the offer and investigated himself, eventually stumbling upon the answer.
Since publishing Susan Taylor's account of Xbox Live fraud, Eurogamer has been contacted by half a dozen other people who were victims of similar exploitation. Thank you, those who have written in. And please do keep letting us know if you've had your Xbox Live account fraudulently used. |  | | |  |
| |
01-13-2012
|
#2 (permalink)
| | | Helping E'ryone! Join Date: Sep 2010 Location: Tennessee
Posts: 6,376
Thanks: 1,642 | | | Re: Is this the hack used to exploit Xbox Live accounts?
Not like they can do anything about bruteforcing other than add better password validation.
__________________ If you're one of them kids that say "You always have a chance of getting banned when modding", Get the **** off, you only get banned if you're stupid with mods.
If you're one of them kids that post threads saying "Should I ...", Kindly get the **** off.
If you complain about getting banned for modding/glitching, get the **** off of a modding/glitching website. |  | | |
| |
01-13-2012
|
#3 (permalink)
| | | Join Date: Sep 2010 Location: Great Britain
Posts: 4,750
Thanks: 3,272 | | | Re: Is this the hack used to exploit Xbox Live accounts?
Don't make your password "password" then. Derp. | | | | |
| |
01-13-2012
|
#4 (permalink)
| | | Join Date: Sep 2010 Location: Spokane, WA
Posts: 1,413
Thanks: 1,222 | | | Re: Is this the hack used to exploit Xbox Live accounts?
| | | | |
| |
01-13-2012
|
#5 (permalink)
| | | MoTM March/November Join Date: Sep 2010 Location: Igloo, Eh?
Posts: 6,535
Thanks: 5,901 | | | Re: Is this the hack used to exploit Xbox Live accounts?
So you're going to tell me that everyone who plays Fifa gets bruteforced?
__________________
XBL: Stevie Rox
PSN: StevieRawks
AIM: Chronus
|    | | |
| |
01-13-2012
|
#6 (permalink)
| | | Totally Trav Join Date: Sep 2010
Posts: 5,195
Thanks: 3,838 | | | Re: Is this the hack used to exploit Xbox Live accounts?
Quote:
Originally Posted by CLK  | Exactly.
Mine are very easy on my Gamertags just because I hate typing long ones on the Xbox.
Though I have nothing on my account of use so I am fine.
My default  Quote:
Originally Posted by StevieRox So you're going to tell me that everyone who plays Fifa gets bruteforced? | No. People are bruteforcing others because of FIFA. They can make real life money off of it.
__________________ ______________________
__________________________
______________________________
__________________________________ 4-15-10 __________________________________
______________________________
__________________________
______________________
__________________ |  | | |
| |
01-13-2012
|
#7 (permalink)
| | | Join Date: Sep 2010 Location: Massachusetts (U.S.)
Posts: 568
Thanks: 333 | | | Re: Is this the hack used to exploit Xbox Live accounts?
Quote:
Originally Posted by CLK | Quote:
It would take a desktop PC
About 21 thousand years
to hack your password
| I think I'm okay. | | | | |
| |
01-13-2012
|
#8 (permalink)
| | | MoTM March/November Join Date: Sep 2010 Location: Igloo, Eh?
Posts: 6,535
Thanks: 5,901 | | | Re: Is this the hack used to exploit Xbox Live accounts?
Quote:
Originally Posted by Totally Trav Exactly.
Mine are very easy on my Gamertags just because I hate typing long ones on the Xbox.
Though I have nothing on my account of use so I am fine.
My default
No. People are bruteforcing others because of FIFA. They can make real life money off of it. | Damnit.. Penis is in the top 408 most used passwords.
Well that sucks..
And I thought it was that everyone who got hacked recently has played Fifa?
I don't get what's so special about Fifa.. like, don't they buy something like Gold Premium Character? What is that?
__________________
XBL: Stevie Rox
PSN: StevieRawks
AIM: Chronus
| | | | |
| |
01-13-2012
|
#9 (permalink)
| | | Join Date: Nov 2010
Posts: 2,716
Thanks: 1,483 | | | Re: Is this the hack used to exploit Xbox Live accounts?
Quote:
Originally Posted by StevieRox Damnit.. Penis is in the top 408 most used passwords.
Well that sucks..
And I thought it was that everyone who got hacked recently has played Fifa?
I don't get what's so special about Fifa.. like, don't they buy something like Gold Premium Character? What is that? | You can buy players and coins. You can then sell them for a lot of money. |  | | The following user thanked this post: StevieRox | |
| |
01-13-2012
|
#10 (permalink)
| Regular Member | | Join Date: Sep 2010 Location: United Kingdom
Posts: 2,618
Thanks: 2,248 | | | Re: Is this the hack used to exploit Xbox Live accounts?
Quote:
Originally Posted by StevieRox Damnit.. Penis is in the top 408 most used passwords.
Well that sucks..
And I thought it was that everyone who got hacked recently has played Fifa?
I don't get what's so special about Fifa.. like, don't they buy something like Gold Premium Character? What is that? | They buy gold premium packs which contains players that the can sell for in-game currency. They then sell on the in-game currency for real cash.
__________________ - XBL - Camzuh
- PSN - RFC_Cameron
| | | | The following user thanked this post: StevieRox | | | Thread Tools | | | | Display Modes |  Linear Mode | 
Posting Rules
| You may not post new threads You may not post replies You may not post attachments You may not edit your posts
HTML code is Off
| | | All times are GMT -5. The time now is 06:36 PM. | | | | | |
Powered by vBulletin® Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
COPYRIGHT (c) 2010 - 2012 - XboxMB - DESIGN BY: EDENWEBS.COM | | | | |
