The Xbox Live accounts of some ‘high profile’ Microsoft employees were targeted by hackers, the company has confirmed.
The news was first revealed in the wake of a cyber attack against security researcher Brian Krebs, who said that he was victimised by hackers because of his role in uncovering the techniques they used to hack the accounts belonging to "Microsoft employees who work on the Xbox Live gaming platform.” The methods in question reportedly involve using employees’ personal details, including social security numbers and other information obtained through social engineering.
Following Krebs’ account, Microsoft confirmed to the Verge that "a handful of high-profile Xbox LIVE accounts held by current and former Microsoft employees" had indeed been breached. But the firm denied that Xbox Live accounts use gamers’ social security numbers. Rather, hackers obtained the details from a third party entity and used it to compromise Microsoft employee accounts. The method brings to mind the infamous case of Mat Honan, a journalist whose entire digital life was systematically by hacker relying on social engineering.
“Microsoft does not collect or use Social Security numbers in its services, including Xbox LIVE Gamertags or Microsoft accounts. Attackers are targeting high-profile Microsoft employees by social engineering other companies that do use this data to intercept security proofs from Microsoft to compromise the accounts,” Microsoft said.
“We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use. Security is of critical importance to us and we are working every day to bring new forms of protection to our members,” the company added.