Slack security at the Microsoft support helpdesk has been blamed for a spate of cases where Xbox Live customers have had their accounts taken over by hackers. The unlucky gamers are allegedly being defrauded by crooks who like to buy Microsoft Points with other people's credit cards.
Yesterday we reported that an Xbox Live clan called Infamous was going as far as to list the accounts it has stolen on its own website, while also giving the reasons why.
In response to the media attention, the 'Infamous' clan has revealed details of how it manages to steal "at least 10 accounts" every single day. It says it uses a technique known as 'social engineering' to slowly gather as much information about a user as possible.
"Now you may be wondering how we get your information? Its easy, you call 18004myxbox, pretend to be that person, make up a story about how your little brother put in the information on the account and it was all fake, blah blah blah," says the clan on its website.
Little by little
"You might get one little piece of information per call but then you keep calling and keep calling every time getting a little bit more information every time.
"Once you have enough information you can get the password on the Windows Live ID reset, they may tell you they can't, but it's bulls**t. People at Bungie CAN and WILL reset your password."
Meanwhile, Microsoft has denied all reports that users have had their accounts hijacked by hackers. The Redmond company said it has seen no evidence that the security of the Xbox Live service had been compromised.
"There have been a few isolated incidents where malicious users have been attempting to draw personal information from unsuspecting users and use it to gain access to their Live account.
"We think this is a good time to remind our members that they should never give out any of their personal information."