Hackers Can Pull Credit Card Data from Old Xbox 360 Hard Drives, Report Says

Please wait...

This article was written on an older version of FileFront / GameFront

Formatting may be lacking as a result. If this article is un-readable please report it so that we may fix it.

Published by GameFront.com 10 years ago , last updated 3 years ago

Posted on March 30, 2012, Phil Hornshaw Hackers Can Pull Credit Card Data from Old Xbox 360 Hard Drives, Report Says

UPDATE: We’ve received a statement from Microsoft on this situation. They’re skeptical of the claims, but plan to investigate. Here’s the statement:

We are conducting a thorough investigation into the researchers’ claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers’ claims.

Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously.

-Jim Alkove, General Manager, Security of Interactive Entertainment Business at Microsoft


A new study from Drexel University claims that Xbox 360 hard drives leave user financial information vulnerable to being recovered by hackers, even if the hard drives have been reformatted and returned to factory condition.

The story comes from Kotaku, which details the ongoing study. Researchers at Drexel University say they bought a used Xbox 360 and started messing with the hard drive by taking hacking tools to it. They found that while Microsoft protects its own data pretty well on those discs, the company hasn’t really done anything to protect user data — and before long, the researchers found all kinds of user data on the hard drive. Among that information: credit card numbers.

Just how widespread any problem might be isn’t quite clear. The Drexel study has only dealt with a single hard drive at this point, so it’s possible this could be a one-off situation. On the other hand, as Joystiq points out, one wonders if the same information is left unprotected on USB drives used to transfer profiles to other Xboxes. And there’s also the possibility that transferring a profile to another Xbox 360 — say, when you drop by a friend’s house and want to play a little split-screen multiplayer and gather up some achievements.

We’ve reached out to Microsoft for comment on the study.

Comments on this Article

There are no comments yet. Be the first!