Microsoft's Xbox.com website doesn't have strong security, which leads to lots of problems

Jan 16, 2012 15:31 GMT  ·  By

The vulnerability used by hackers to break into Xbox Live accounts might have been uncovered recently, as two websites have posted similar walkthroughs that show how cyber-attackers could exploit Microsoft’s Xbox.com website and force their way into the accounts of its users.

While Microsoft has denied in recent months that its Xbox Live online service was hacked, more and more users are reporting that their accounts were broken into. After accessing the account, hackers would use the credit card information associated with it to buy lots of virtual MS Points and then sell the accounts to other people.

Now, it seems that the vulnerability used by these hackers has been uncovered, as an Xbox Live user called Jason Coutee contacted both Eurogamer and AnalogHype to offer a sort of walkthrough that was used to break into Live accounts.

According to the information provided by the two websites, the vulnerability is tied to Microsoft’s Xbox.com website, which allows users eight password attempts before displaying a special ‘Captcha’ message to ensure it’s not dealing with an automated script.

Jason said that these eight attempts allow hackers to mount brute force attacks that, eventually, result in access to the account.

What’s more, the website also displays two different messages when trying to access an account, a fact that once again comes to the aid of hackers. More specifically, if you enter an email address that doesn’t have an actual Xbox Live account, the error message says “That Windows Live ID doesn't exist.” If the email address is correct and the password isn’t, the message instead says “The email address or password is incorrect.” The difference lets anyone confirm which email addresses belong to real accounts before a single password is tried.
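To make the two weaknesses concrete, here is an added Python example (it is not Microsoft's code and not part of the original report) that models a login endpoint the way the article describes it, beside a hardened version. The account, password and salt are constructed for illustration; the eight-attempt threshold is the figure the article reports.

```python
"""Toy login service contrasting two weaknesses with their fixes:
  1. distinguishable error messages (reveals whether an account exists)
  2. a failure counter that is not tied to the account being targeted
Everything here is constructed for illustration, not production code."""
import hashlib
import hmac
import os

def _hash(salt: bytes, password: str) -> bytes:
    # Iteration count kept low so the example runs quickly; raise it for real use.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed user store: email -> (salt, derived key). One made-up account.
_SALT = os.urandom(16)
USERS = {"alice@example.com": (_SALT, _hash(_SALT, "correct horse battery"))}

GENERIC_ERROR = "The email address or password is incorrect."
MAX_FAILURES = 8   # threshold the article reports before a CAPTCHA appears


def weak_login(email: str, password: str, session: dict):
    """Weak pattern: the message tells the caller whether the account exists,
    and the attempt counter lives in the caller's own session object, so it
    starts from zero again whenever the caller presents a fresh session."""
    session.setdefault("failures", 0)
    if session["failures"] >= MAX_FAILURES:
        return (False, "Captcha required")
    record = USERS.get(email)
    if record is None:
        session["failures"] += 1
        return (False, "That Windows Live ID doesn't exist.")
    salt, digest = record
    if not hmac.compare_digest(digest, _hash(salt, password)):
        session["failures"] += 1
        return (False, GENERIC_ERROR)
    session["failures"] = 0
    return (True, "ok")


class HardenedLogin:
    """Hardened pattern: every failure returns the same message, and the
    failure counter is keyed by the target account on the server side, so a
    new session or a new client does not reset it. After MAX_FAILURES the
    account requires an extra challenge (CAPTCHA, second factor or cooldown)
    no matter who is asking, even with the correct password."""

    def __init__(self, max_failures: int = MAX_FAILURES):
        self.max_failures = max_failures
        self.failures = {}   # email -> consecutive failed attempts

    def requires_challenge(self, email: str) -> bool:
        return self.failures.get(email, 0) >= self.max_failures

    def _record_failure(self, email: str):
        self.failures[email] = self.failures.get(email, 0) + 1

    def login(self, email: str, password: str):
        if self.requires_challenge(email):
            return (False, "Additional verification required.")
        record = USERS.get(email)
        if record is None:
            # Do the same amount of work as a real check so response timing
            # does not reveal existence either, then answer generically.
            _hash(_SALT, password)
            self._record_failure(email)
            return (False, GENERIC_ERROR)
        salt, digest = record
        if not hmac.compare_digest(digest, _hash(salt, password)):
            self._record_failure(email)
            return (False, GENERIC_ERROR)
        self.failures.pop(email, None)
        return (True, "ok")


if __name__ == "__main__":
    print("weak, unknown user :", weak_login("nobody@example.com", "x", {})[1])
    print("weak, known user   :", weak_login("alice@example.com", "x", {})[1])
    h = HardenedLogin()
    print("hardened, unknown  :", h.login("nobody@example.com", "x")[1])
    print("hardened, known    :", h.login("alice@example.com", "x")[1])
```

The per-account counter closes the "start over with a new session" gap, but it has a trade-off of its own: anyone who knows an email address can push that account into the challenge state, so real deployments pair it with per-source throttling and a challenge or cooldown rather than a hard lock, and they log the events so that a burst of failures against one account is visible to the operations team.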

Microsoft has yet to comment on this new reveal but, if it’s true, the company needs to seriously improve the security measures on its Xbox.com website in order to prevent hackers from continuing to break into the accounts of its customers.

Expect more details about this situation in the near future.