Microsoft Denies Used Xbox Credit Card Hack 

Microsoft has said it is looking into reported allegations that hackers may be able to retrieve credit card information off an Xbox 360 -- even after the hard drive has been reformatted.

The initial report of the security issue came from researchers at Drexel University in Philadelphia, Pa. In it, the researchers allege that even after an Xbox 360 game console is restored to factory settings, some personal data (including credit card information and billing address) is still stored on the HDD. That data can then be retrieved with the use of "basic hacking tools."

Speaking to Kotaku in a phone interview, researcher Ashley Podhradsky said that Microsoft is not protecting consumers from data theft if a flaw like this could easily be exploited.

"Microsoft does a great job of protecting their proprietary information," said Podhradsky. "But they don't do a great job of protecting the user's data."

According to the researchers' ongoing study, the team purchased a refurbished Xbox 360 from a gaming retail chain for test purposes. Once the system was loaded with custom modding software, the researchers were able to retrieve the previous owner's credit card information.

While Microsoft said that it was investigating the claims, it also went as far as to deny the allegations: "Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described," said Jim Alkove, general manager of Microsoft's security of interactive entertainment business, to Joystiq. "Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously."

While Microsoft conducts its own investigation into the matter, Podhradsky said the only way to be sure that your credit card information is kept safe when turning in a used Xbox 360 is to reformat it to default system settings, hook it up to a computer and use a third-party tool to securely wipe the drive.

About the Author

Chris Paoli is the site producer for and

