Hackers Can Pull Credit Card Data from Old Xbox 360 Hard Drives, Report Says

UPDATE: We’ve received a statement from Microsoft on this situation. They’re skeptical of the claims, but plan to investigate. Here’s the statement:

We are conducting a thorough investigation into the researchers’ claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers’ claims.

Xbox is not designed to store credit card data locally on the console, and as such it seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously.

-Jim Alkove, General Manager, Security of Interactive Entertainment Business at Microsoft


ORIGINAL STORY:

A new study from Drexel University claims that Xbox 360 hard drives leave user financial information vulnerable to being recovered by hackers, even if the hard drives have been reformatted and returned to factory condition.

The story comes from Kotaku, which details the ongoing study. Researchers at Drexel University say they bought a used Xbox 360 and started messing with the hard drive by taking hacking tools to it. They found that while Microsoft protects its own data pretty well on those drives, the company hasn’t really done anything to protect user data — and before long, the researchers found all kinds of user data on the hard drive. Among that information: credit card numbers.

Just how widespread any problem might be isn’t quite clear. The Drexel study has only dealt with a single hard drive at this point, so it’s possible this could be a one-off situation. On the other hand, as Joystiq points out, one wonders if the same information is left unprotected on USB drives used to transfer profiles to other Xboxes. And there’s also the possibility that transferring a profile to another Xbox 360 — say, when you drop by a friend’s house and want to play a little split-screen multiplayer and gather up some achievements.

We’ve reached out to Microsoft for comment on the study.
