Windows Live may be a vulnerability for Xbox Live users

Are hackers exploiting a vulnerability in Windows Live to buy Microsoft Points on Xbox Live illegally?
This article is over 12 years old and may contain outdated information


As the investigation into suspicious activity on Xbox Live accounts continues, some gamers are taking matters into their own hands. Jason Coutee, a network infrastructure manager who had his Xbox Live account hacked, decided to look into the issue himself after Xbox Live customer service failed to be of much help.

After Coutee realized that his credit card had been charged for a purchase of 8000 Microsoft Points, he called the Xbox Live support desk, only to find out that another transaction, for an Xbox Live Family Pack, was in the middle of being processed. Coutee canceled the purchase, and customer service offered him the standard 30-day account freeze in order to investigate.

Coutee researched potential account vulnerabilities and came away with a possible link to Microsoft’s Windows Live ID system. Hackers can feasibly gather a list of gamertags from any Xbox Live multiplayer game and search for each one on Google. Certain social networking sites may turn up in the search with a valid e-mail address attached to that gamertag. The hackers would then check that e-mail on the Windows Live login page. If the hacker gets the error message “account is invalid”, the user may have updated their information. However, if the error message “password is wrong” comes up, the hacker has found a valid ID and simply needs to figure out the password.

The article at Analog Hype describes how these hackers would then go about getting into the account: by running a script that tries a series of passwords against the login.

“Now with a simple script, hackers can brute force their way into your Xbox Live account. The script would batch run a list of potential passwords, which anybody can find online with a simple Google search. The script will attempt to enter these potential passwords until it gets in. Xbox allows you to enter your password incorrectly 8 times on the website, then it asks for a CAPTCHA code. When hackers get to that CAPTCHA code, there is a link for “try with another Live ID”. Clicking this link resets the CAPTCHA code and hackers can continue to force their way in 8 more times before they need to click the link again. This process can easily be automated by a skilled hacker.”

Once they’re in the account, they have access to all of your account details and any credit cards associated with it. The article makes a valid point about how Microsoft could prevent this, or at the very least help Xbox Live users keep their accounts safe: contacting the owner of the account via e-mail after more than “X” failed login attempts.
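The two server-side fixes this account points to, as an added Python sketch (not code from the article, Analog Hype or Microsoft): one error message for both failure cases, and a failed-attempt counter kept per targeted account that drives both the CAPTCHA and the owner e-mail. `LoginGuard`, the `notify` callback and `NOTIFY_AFTER = 5` are hypothetical names and values chosen for illustration.

```python
import hashlib, hmac, os

GENERIC_ERROR = "The email address or password is incorrect."
CAPTCHA_PROMPT = "Complete the CAPTCHA to continue."
CAPTCHA_AFTER = 8   # threshold quoted in the article
NOTIFY_AFTER = 5    # the article's "X"; value assumed for this sketch

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_record(password):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)

# Dummy record so unknown emails cost the same hashing work as real ones.
DUMMY = make_record("constructed-placeholder")

class LoginGuard:
    def __init__(self, accounts, notify):
        self.accounts = accounts   # email -> (salt, hash)
        self.notify = notify       # callback(email, failure_count)
        self.failures = {}         # server-side, keyed by the targeted email
        self.notified = set()

    def captcha_required(self, email):
        return self.failures.get(email, 0) >= CAPTCHA_AFTER

    def attempt(self, email, password, captcha_ok=False):
        email = email.strip().lower()
        # The counter belongs to the targeted account, so a new session or a
        # "try another ID" click on the client cannot clear it.
        if self.captcha_required(email) and not captcha_ok:
            return False, CAPTCHA_PROMPT
        salt, stored = self.accounts.get(email, DUMMY)
        match = hmac.compare_digest(hash_password(password, salt), stored)
        if match and email in self.accounts:
            self.failures.pop(email, None)
            self.notified.discard(email)
            return True, "OK"
        count = self.failures[email] = self.failures.get(email, 0) + 1
        if count >= NOTIFY_AFTER and email in self.accounts and email not in self.notified:
            self.notified.add(email)
            self.notify(email, count)   # one alert per run of failures
        # Same wording whether the address exists or the password was wrong.
        return False, GENERIC_ERROR
```

A production version would also expire old counters and rate-limit by source address, since this sketch keeps every counter in memory indefinitely.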

It’s become an all-too-clichéd piece of advice, but it is worth reiterating over and over: do not keep your login information consistent across all of your various internet accounts. It’s definitely a pain in the ass, yet taking that extra step may ensure that you do not have to go through an ordeal like the one Coutee and countless others have experienced.
