Microsoft Owns Up To Xbox Live Pretexting

News Posted 26/03/07
Author: PV5150
Source: ComputerWorld

XBOX Live logo

Earlier we brought you the news of Microsoft’s investigation of possible fraud on its XBOX Live service , following customer complaints of having their accounts stolen. Well it appears that Microsoft have admitted that the service’s support staff is at fault, apparently victims of “‘pretexting” calls by identity thieves.

As recently as Friday, the company was saying only that it had “found no evidence” of a data breach, and that any thefts had occurred could be blamed on users giving out personal information. That assertion changed yesterday.

“A security researcher, Kevin Finisterre, discovered not a hack, but the fact that some accounts may have been compromised as a result of ‘social engineering,’ also known as ‘pretexting,’ through our support center,” said Larry Hryb, director of programming at Xbox Live, in a blog entry. “Once I realized what he was talking about — he sent me some painful-to-listen-to audio files — I confirmed that the team is fully aware of this issue. They are examining the policies and have already begun retraining the support staff and partners to help make sure we reduce this type of social engineering attack. “There’s no other way to say it; this situation shouldn’t have happened. Our customers deserve better,”

The article can be found here

There are certainly some issues that need to be urgently addressed with the ‘Live’ service.

Discuss in our forum