Microsoft Denies Used Xbox Credit Card Hack 

Microsoft has said it is looking into reported allegations that hackers may be able to retrieve credit card information off an Xbox 360 -- even after the hard drive has been reformatted.

The initial report of the security issue came from researchers at Drexel University in Philadelphia, Pa. In it the researchers allege that even after restoring an Xbox 360 game console to factory settings, some personal data (including credit card information and billing address) is still stored on the HDD. It then  can be retrieved with the use of "basic hacking tools."

Speaking to Kotaku in a phone interview, researcher Ashley Podhradsky said that Microsoft is not protecting consumers from data theft if a flaw like this could easily be exploited.

"Microsoft does a great job of protecting their proprietary information," said Podhradsky. "But they don't do a great job of protecting the user's data."

According to the researchers' ongoing study, the team purchased a refurbished Xbox 360 from a gaming retail chain for test purposes. Once the system was loaded with custom modding software, the researchers were able to retrieve the previous owner's credit card information.

While Microsoft said that it was investigating the claims, it also went as far as to deny the allegations: "Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described," said Jim Alkove, general manager of Microsoft's security of interactive entertainment business, to Joystiq. "Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously."

While Microsoft conducts its own investigation into the matter, Podhradsky said the only way to be sure that your credit card information is kept safe when turning in a used Xbox 360 is to reformat it to default system settings, hook it up to a computer and use a third-party tool to securely wipe the drive.

About the Author

Chris Paoli is the site producer for and


  • Exchange Server June Cumulative Updates Arrive, but with Red Tape

    Microsoft released its quarterly cumulative updates (CUs) for Exchange Server 2013, 2016 and 2019 products this week, but added an extra step for IT pros to consider before installing them.

  • Moving an Old VM to a New Hyper-V Host

    So you want to know whether a Hyper-V virtual machine built on a legacy host will be supported by a newer server? There's a PowerShell command for that.

  • AI-Driven Solution Tracks Packets Through the Datacenter

    Datacenter solutions vendor Kaloom this week unveiled a new offering the company says will enable the development of "self-driving" datacenter networks.

  • Microsoft Previews Azure Bastion Service for Private VM Access

    Microsoft on Tuesday announced a preview of the Azure Bastion service, which lets a user connect to an Azure virtual machine (VM) using a private Internet connection.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.