Recently, reports have begun circulating that gamers using Microsoft’s Xbox Live online service may have had their accounts stolen or credit card information used to run up Microsoft Points, the online currency used to purchase games, media, and services on the network. Xbox online forums have been dotted with reported incidents of accounts having been "hacked" and credit information used to fraudulently purchase points; some gamers reporting logging into find their accounts suspended or to have the network claim their Gamertag (online ID) was already in use.
In a statement, Microsoft seeks to put the kibosh on fears of a widespread crack to Xbox Live security, saying the company has found no evidence of a security compromise in the Xbox Live network or Bungie.net, although Microsoft acknowledges there have been isolated incidents were malicious users have attempted to dupe Xbox Live users into revealing personal information and other details in order to gain access to their Xbox Live accounts. Such "social engineering" attempts to fraudulently access accounts have little or nothing to do with the technology or security safeguards in place on an online service, and instead rely on tricking a valid account holder into revealing confidential information.
Security is a top concern for many members of Microsoft’s Xbox Live service, aware that Microsoft operating systems and services have for years been favorite targets of cybercriminals, phishers, virus writers, and other malicious online attackers. Microsoft is eager to assure its customers that Xbox Live security has not been compromised, but also warns its users to take steps to reduce their risk of identity theft (PDF).
