Xbox live accounts hacked! Is your SSN safe?

As more of the story about the simultaneous cyber attack and real-world “Swatting” carried out against security researcher Brian Krebs comes to light, one of the significant details has the reported targeting of Microsoft employees for hacking. Allegedly, the hackers who targeted Krebs did so because he helped to reveal the method by which they have been compromising the accounts of “Microsoft employees who work on the Xbox Live gaming platform,” Krebs writes. The method apparently involves acquiring and then utilizing the employees’ social security numbers along with some social engineering to obtain (and apparently then sell) access to those accounts.

As you can see in Microsoft’s statement above, the company is working with both “law enforcement and other affected companies” to close off the loophole this hack has uncovered. It’s a “stringed social engineering technique,” as Microsoft describes it, that sounds remarkably similar to the multiple steps involved in the famous hack Mat Honan suffered last year. The very same hacker, who goes by “Phobia,” may have been involved in both cases.

Chaining together security loopholes from multiple companies seems to be an increasingly common tactic. It lines up with the description Krebs published about the method as well, which allegedly involved “phone companies” in some way.

Krebs may not have been the only person targeted recently, as Ars Technica also said it had suffered a denial-of-service attack that could be linked to Phobia. For its part, Microsoft is directing Xbox Live users to its standard security recommendations at xbox.com/security. However, for now the strongest line of defence offered there appears to be those self-same “security proofs,” at least one of which was compromised thanks to a third party.

More Stories on Xbox:

Source: Verge