Windows Live login suggested as Xbox Live security flaw
AH suspects that the hackers grab gamertags from a game of Halo or Call of Duty, then Google the tags to find associated emails on social networking sites. They now have a potential list of Windows Live IDs. Going to Xbox.com, the hacker can now test if the email is a valid ID by attempting to sign in. An error message of "account is invalid" has them moving on to another email; "password is incorrect" means they've got a real account, but a bad password.
Now, according to the theory, the hackers start batch running potential passwords: "Xbox allows you to enter your password incorrectly 8 times on the website, then it asks for a CAPTCHA code. When hackers get to that CAPTCHA code, there is a link for 'try with another Live ID.' Clicking this link resets the CAPTCHA code and hackers can continue to force their way in 8 more times before they need to click the link again. This process can easily be automated by a skilled hacker."
Of course, once they are in, the hacker has access to all your account details and associated credit cards, PayPal and Microsoft Points.
Microsoft told us recently that the Windows Live ID has not been compromised and the FIFA hack, along with other similar incidents, are cases of social engineering or phishing. We continue to recommend changing -- and not publicly posting -- account details.
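As an added illustration (not code from the article or from Microsoft), this sketch shows the two server-side controls the theory says are missing: one generic error for both an unknown ID and a wrong password, and failure counters that the "try with another Live ID" action does not reset. The class and function names, the sample account, and SHA-256 standing in for a real password hash are all assumptions.

```python
import hashlib
import hmac

def _h(pw):
    # Demo only: a real service would use a slow, salted password hash.
    return hashlib.sha256(pw.encode()).hexdigest()

ACCOUNTS = {"player@example.com": _h("correct horse")}  # constructed sample data
MAX_FAILURES = 8  # threshold quoted in the article
GENERIC_ERROR = "The email or password is incorrect."

class LoginGuard:
    """Counts failures per client and per account (hypothetical design)."""

    def __init__(self):
        self.by_client = {}
        self.by_account = {}

    def captcha_required(self, client, email):
        return (self.by_client.get(client, 0) >= MAX_FAILURES
                or self.by_account.get(email.lower(), 0) >= MAX_FAILURES)

    def switch_account(self, client):
        # "Try with another Live ID": deliberately leaves every counter alone.
        return self.by_client.get(client, 0)

    def login(self, client, email, password, captcha_ok=False):
        email = email.lower()
        if self.captcha_required(client, email) and not captcha_ok:
            return "captcha_required"
        stored = ACCOUNTS.get(email)
        # Compare against a dummy hash for unknown IDs so both paths do the
        # same work and return the same message (no account enumeration).
        matches = hmac.compare_digest(stored or _h(""), _h(password))
        if matches and stored is not None:
            # Clear only the account counter; the client counter should age
            # out over a time window (omitted here) so it cannot be reset by
            # interleaving a successful login.
            self.by_account.pop(email, None)
            return "ok"
        self.by_client[client] = self.by_client.get(client, 0) + 1
        self.by_account[email] = self.by_account.get(email, 0) + 1
        return GENERIC_ERROR
```
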
Source: http://www.joystiq.com/2012/01/13/windows-live-login-suggested-as-xbox-live-security-flaw/#
Comments
sw4gPosted:
XboxLiveModdersTimingXboxLiveModders I Love The Way Kids Have Started To Follow Simple HF Tuts,
I wish I was a cool cat that thinks he knows what he is talking about :)
I Know What I Am Talking About, Its Not Hard To x-games A Email Address Or Brute Force One,
You're definitely right, a little bit of Social Engineering goes a long way.
CarcerPosted:
TimingXboxLiveModders I Love The Way Kids Have Started To Follow Simple HF Tuts,
I wish I was a cool cat that thinks he knows what he is talking about :)
I Know What I Am Talking About, Its Not Hard To Dox A Email Address Or Brute Force One,
aimiami12Posted:
And you all think Sony has more security problems. This is a huge problem for Microsoft, sure the servers weren't shut down but still they need better security. Hopefully they are looking into better security
iJarH3adPosted:
Every log in should have security code!
Microsoft doesn't have one, that's kinda stupid.
SparkiesPosted:
It's kinda funny how kids think they're boss doxing accounts. Takes nothing but basic knowledge.
MPAAPosted:
See, if you keep your LIVE ID as secret as your PASSWORD and not being a retard by posting it on Failbook or Twitter, and not to provide them to ANYWHERE other than XBOX.COM, you won't have any problems!
Services_SrPosted:
I just had been hacked and filed a report earlier this week because 4000 Microsoft points were stolen, and they said my account would be suspended for a month, and in less than a week they resolved the problem and now I got a new code and they also gave me 2 months of Live. I love Microsoft!!! They really help their customers out
RatchetR01Posted:
That's why my email for xbox live is different from all my others and so is my password.