Xbox LIVE creator's LIVE profile hacked - fiasco shines light on old holes in LIVE security

Published Date: 30 - Mar - 2010 | Last Updated: 30 - Mar - 2010
 

Major Nelson, a.k.a. Larry Hryb, Microsoft biggie and Director of Programming for Xbox LIVE, seems to have had his profile misused, or, as Kotaku puts it, “hacked”. It appears that Mr. Hryb’s login info might somehow have been stolen, with the thief then updating Major Nelson’s publicly displayed profile information with various unsavoury and untrue titbits.


This act of ‘cyber terrorism’, or more specifically ‘console network terrorism’, is claimed by the man behind the website www.lightzz.com, a Mr. Droid Monkey, who has gone so far as to post a video on YouTube showing this exploit, and to tell viewers that he and his friends can “hack accounts” for $60 a pop. Check out the pictures and video (named "Major Nelson Jacked" and now removed from YouTube "due to terms of use violation") below.

 

 

 

 


Microsoft has yet to comment on the matter. The “gated community” that is the Xbox LIVE network is apparently rife with security loopholes, and community members have been feeling unsafe for a long time. If you have ever used your credit card on the LIVE network, you might know that its information is saved automatically in the profile unless turned off in a little-known and recently provided manner, and that it can be accessed by anyone who logs in to your account. What makes matters worse is that simple “brute-force password attempting” scripts can easily break into your account, as Microsoft neglects to lock the account after a stipulated number of login attempts. Account theft is said to have been going on for years now. Xbox LIVE users, including victims who claim to have been told in the past that the Xbox LIVE network had not been hacked and that they themselves had not kept their login info safe, are hoping the Nelson fiasco will help wake fat cat Microsoft up.

Mr. Droid Monkey has certainly made it easy enough to catch him, with his address, phone number and name freely available on his YouTube profile page. It’s a veritable menagerie, folks.
 

Team Digit