Microsoft: 'Unlikely' that credit card details can be lifted from Xbox consoles

Summary:Microsoft claims that a data leakage is unlikely given that credit card information is not stored on the console.

Microsoft casts doubt over claims that credit card details and other sensitive information can be accessed from refurbished Xbox 360 consoles.

Researchers at Drexel University in Philadelphia claimed that they were able to harvest credit card details and other private information belonging to the previous owner from a refurbished Xbox 360 purchased from a Microsoft-authorized reseller.

See also:  Hackers can steal credit card data from used Xbox 360sMicrosoft investigating used Xbox 360 credit card hack

Speaking to gaming site Kotaku, Drexel University researcher Ashley Podhradsky said, "Microsoft does a great job of protecting their proprietary information. But they don't do a great job of protecting the user's data."

Information on how the data was accessed is limited, but the researchers claimed that they used a basic modding tool to gain access to the file system on the console, from which they were able to get access to the sensitive information.

Microsoft has issued a statement saying that is it investigating the claims, but says that such data leakage is unlikely given that credit card information is not stored on the console.

"We are conducting a thorough investigation into the researchers' claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers' claims.

Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously."

Whatever the outcome of this investigation, it does help to highlight the fact that data might still be present on electronic devices, and that once these devices are no longer under our control, it may be possible for others to access this data.

If you're worried about residual data on your Xbox console, detach the drive, connect it to a PC and securely wipe it with a program like Darik's Boot & Nuke.

It's the only way to be sure.

Image credit: Wikimedia Commons.


Topics: Microsoft, Banking, Hardware, Mobility


Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.Adrian has authored/co-authored technic... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.