We’ve seen this Xbox Live hacking story play out over the last few weeks, and we’ve seen the same arguments thrown up: Hacked users insist they didn’t do anything wrong, and Microsoft insists that Xbox Live is completely secure. Commenters then either bash hacked players for falling victim to phishing attempts, or cast aspersions on Microsoft for covering up a potential security threat.

As of today, we’re starting to see a few more details as to what may actually be causing the problem. Jason Coutee is a network infrastructure manager who also happened to have his Xbox Live account stolen and looted for 8,000 MS Points. Coutee conducted his own investigation (as is becoming the norm) and found a gaping hole in the security measures found on Xbox.com.

Apparently, Xbox.com allows for an infinite amount of incorrect login attempts. No matter how many times you get a password wrong, you can continue trying as long as you’re willing to enter a Captcha code. This means hackers have the option of brute-forcing account passwords, since there’s no consequence for a series of incorrect entries.

There’s naturally no word from Microsoft regarding the issue, and it’s unclear if this is the primary cause of the recent account hacks. However, it’s still a considerable security concern for a website that contains sensitive personal data and credit card information.

We’ll keep you updated as the story develops – we’re expecting some sort of response from Microsoft soon.

Do you think endless password attempts represent a security threat?

[Edge]

Tweet

42.9% of voters think this story ROCKS!

Vote Now!    (3) (4)