Well known Xbox Live spokesman Larry “Major Nelson” Hryb has further clarified reports last week of a security breach on Xbox Live after previously stating
that there was no evidence of any compromise of security.
Speaking again in his widely read blog, Hryb went into further detail on the incident
: “As originally posted, Xbox Live has not been hacked. That is still true. A security researcher, Kevin Finisterre, discovered not a hack, but the fact that some accounts may have been compromised as a result of 'social engineering', also known as ‘pre-texting’, through our support center.”
Pre-texting is an increasing common technique for obtaining secure personal details using publicly available details, such as a member of the public’s date of birth or social security number. It can also involve impersonating authority figures such as the police or bank staff.
The tactic of pre-texting occurs predominately over the telephone, and Hryb indicates that Xbox Live call staff are being re-trained in order to avoid similar problems in the future. Hryb ended his comments by stating, “There's no other way to say it; this situation shouldn't have happened. Our customers deserve better.”
Initial reports had suggested that website Bungie.net and Xbox Live itself had been hacked. But the pre-texting explanation implies that the security breach was not of a technical nature, and that Microsoft has simply been the victim of a form of fraud common to many other businesses.