Microsoft Denies Used Xbox Credit Card Hack 

Microsoft has said it is looking into reported allegations that hackers may be able to retrieve credit card information off an Xbox 360 -- even after the hard drive has been reformatted.

The initial report of the security issue came from researchers at Drexel University in Philadelphia, Pa. In it the researchers allege that even after restoring an Xbox 360 game console to factory settings, some personal data (including credit card information and billing address) is still stored on the HDD. It then  can be retrieved with the use of "basic hacking tools."

Speaking to Kotaku in a phone interview, researcher Ashley Podhradsky said that Microsoft is not protecting consumers from data theft if a flaw like this could easily be exploited.

"Microsoft does a great job of protecting their proprietary information," said Podhradsky. "But they don't do a great job of protecting the user's data."

According to the researchers' ongoing study, the team purchased a refurbished Xbox 360 from a gaming retail chain for test purposes. Once the system was loaded with custom modding software, the researchers were able to retrieve the previous owner's credit card information.

While Microsoft said that it was investigating the claims, it also went as far as to deny the allegations: "Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described," said Jim Alkove, general manager of Microsoft's security of interactive entertainment business, to Joystiq. "Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously."

While Microsoft conducts its own investigation into the matter, Podhradsky said the only way to be sure that your credit card information is kept safe when turning in a used Xbox 360 is to reformat it to default system settings, hook it up to a computer and use a third-party tool to securely wipe the drive.

About the Author

Chris Paoli is the site producer for and


  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

  • SharePoint Online Users To Get 'Modern' UI Push in April

    Microsoft plans to alter some of the tenant-level blocking capabilities that may have been set up by organizations and deliver its so-called "modern" user interface (UI) to Lists and Libraries for SharePoint Online users, starting in April.

  • How To Use PowerShell Splatting

    Despite its weird name, splatting can be a really handy technique if you create a lot of PowerShell scripts.

  • New Microsoft Customer Agreement for Buying Azure Services To Start in March

    Microsoft will have a new approach for organizations buying Azure services called the "Microsoft Customer Agreement," which will be available for some customers starting as early as this March.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.