March 23rd 2007 9:57 pm PT
Earlier this week when I first heard about the “Xbox Live network hacked” story, I checked with the people on our end, and then posted about it. As originally posted, Xbox Live has not been hacked. That is still true. A security researcher, Kevin Finisterre, discovered not a hack, but the fact that some accounts may have been compromised as a result of ‘social engineering’, also known as ‘pre-texting’, through our support center. Kevin gave me a call directly and once I realized what he was talking about (he sent me some painful-to-listen-to audio files) I confirmed that the team is fully aware of this issue. They are examining the policies, and have already begun re-training the support staff and partners to help make sure we reduce this type of social engineering attack.
There’s no other way to say it; this situation shouldn’t have happened. Our customers deserve better.
The Xbox team takes what happened and the resolution of it very seriously. I also wanted to let you know that we’ve posted a page on Xbox.com ‘Troubleshooting Access to your Xbox Live Account’ that can help you if you have questions. Finally, I chatted with Kevin earlier today and thanked him for bringing this issue to our attention. I also let him know that we have a much better understanding of this issue and that we are reviewing the processes in place to help prevent this in the future.