![Windows Live login suggested as Xbox Live security flaw](https://www.thetechgame.com/images/news/article/d365a4483d.jpg)
AH suspects that the hackers grab gamertags from a game of Halo or Call of Duty, then Google the tags to find associated emails on social networking sites. They now have a potential list of Windows Live IDs. Going to Xbox.com, the hacker can now test if the email is a valid ID by attempting to sign in. An error message of "account is invalid" has them moving on to another email; "password is incorrect" means they've got a real account, but a bad password.
Now, according to the theory, the hackers start batch running potential passwords: "Xbox allows you to enter your password incorrectly 8 times on the website, then it asks for a CAPTCHA code. When hackers get to that CAPTCHA code, there is a link for "try with another Live ID." Clicking this link resets the CAPTCHA code and hackers can continue to force their way in 8 more times before they need to click the link again. This process can easily be automated by a skilled hacker."
Of course, once they are in, the hacker has access to all your account details and associated credit cards, PayPal and Microsoft Points.
Mircrosoft told us recently that the Windows Live ID has not been compromised and the FIFA hack, along with other similar incidents, are cases of social engineering or phishing. We continue to recommend changing -- and not publicly posting -- account details.
Posted:
Source: http://www.joystiq.com/2012/01/13/windows-live-login-suggested-as-xbox-live-security-flaw/#
"Windows Live login suggested as Xbox Live security flaw" :: Login/Create an Account :: 26 comments