Used Xbox's vulnerable for hackers to gain credit card info

Used Xbox's vulnerable for hackers to gain credit card info


Save Story
Leer en espaƱol

Estimated read time: 2-3 minutes

This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.

SALT LAKE CITY -- You might want to hang onto that old Xbox for a while. According to a Kotaku report, even resetting your system to "factory default" may not prevent the next owner from accessing your information.

Drexel University researchers have discovered a relatively simple method that uncovers personal information of the previous owner of an Xbox 360.

Ashley Podhradsky, one of the researchers at Drexel, spoke to Kotaku in an interview. She claimed that their research has shown a way for hackers and modders to rummage through a system's hard drive and find your credit card number or other personal data through the use of common tools.

Podhradsky remarked to Kotaku that Microsoft is doing a "disservice" to its consumers.

"Microsoft does a great job of protecting their proprietary information," Podhradsky said in an interview. "But they don't do a great job of protecting the user's data."

Podhradsky worked alongside fellow Drexel researchers Rob D'Ovidio and Cindy Casey, as well as Dakota State University researcher Pat Engebretson. The team bought a refurbished Xbox 360 from a Microsoft-authorized retailer in 2011, obtained a basic modding tool and cracked open the console. After searching through the innards, Podhradsky and company were able to obtain the credit card information of the original owner.

Microsoft released an official statement in response to the findings Drexel reported:

"We are conducting a thorough investigation into the researchers' claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers' claims.


Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described.

–Official Microsoft statement


Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously."

At this point, consumers are left to decide who they would rather believe: the research team at Drexel or Microsoft representatives.

One should take note, however, that retailers like Gamestop typically do not require a hard drive with trade- in of a used Xbox 360. If you do wish to trade in your hard drive in addition to your console, there are tools available to "clean" the drive in a safe and effective manner. Darik's Boot and Nuke, a free, open- source software that currently holds a 4.5- star rating on CNET, will completely eliminate any and all files from a hard drive.

Related links

Most recent Features stories

Related topics

Features
Alex Larrabee

    STAY IN THE KNOW

    Get informative articles and interesting stories delivered to your inbox weekly. Subscribe to the KSL.com Trending 5.
    By subscribing, you acknowledge and agree to KSL.com's Terms of Use and Privacy Policy.
    Newsletter Signup

    KSL Weather Forecast

    KSL Weather Forecast
    Play button