Mar 11, 2011 16:50 GMT

Hackers have found a weakness in Microsoft's prepaid code generating algorithm and exploited it to give free Microsoft Points to hundreds of people.

Microsoft Points (MSP) are the virtual currency used on many Microsoft online services, like Xbox Live Marketplace, Games for Windows - Live Marketplace, Windows Live Gallery or Zune Marketplace.

They can be used to buy content without providing credit card information and can be acquired online or as prepaid cards from retail shops.

According to gaming news outlet Save And Quit, earlier this week a website started offering free Microsoft Points to users.

There are many scams targeting gamers that use free Microsoft Points as a lure, but this particular site was actually delivering on that promise.

It allowed people to input any 4-digit numbers and it would generate codes that could be used to obtain Microsoft Points for free.

The method was not 100% accurate as not every code worked, but apparently a majority of them did. As the word spread, the website got so much traffic that it became unresponsive.

At the same time, a program was also being circulated that could generate codes for 160 MSP, a Halo Reach Banshee avatar prop, or a 48-hour Xbox Live trial.

A version of this program was hosted at Megaupload and a link to it was being distributed on Xbox piracy websites.

As one would expect, it wasn't long until Microsoft learned of what was going on and patched the hole, but it's unclear how much fake currency was introduced on the market.

A suggested figure of $1.2 million was dismissed by a Microsoft spokesperson who said the damage was "nowhere near that amount." However, no official figure has been released.

A user who took advantage of the flaw said he was able to obtain $150 worth of MSP in around 20 minutes. The conversion rate is 800 MSP for $10, so at 160 MSP per code, it means he performed an estimated 75 fraudulent recharges.

"Our Policy and Enforcement team is evaluating whether or not certain individuals have violated the Terms of Use for Xbox LIVE and will take the appropriate enforcement on an individual basis. Codes obtained legitimately by users will not be impacted," the Microsoft spokesperson added.