Microsoft investigating used Xbox 360 credit card hack
![emil-protalinski.jpg](https://www.zdnet.com/a/img/resize/b0eb10eb475310fd4c51483b48405595226c71bd/2014/07/22/31793719-1175-11e4-9732-00505685119a/emil-protalinski.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
"We are conducting a thorough investigation into the researchers' claims," Jim Alkove, General Manager of Security in the Interactive Entertainment Business division at Microsoft, said in a statement. "We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers' claims. Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously."
Here's what I said the software giant needs to do in my previous coverage:
Microsoft will need to verify whether or not all Xbox 360 hard drives, as well as USB drives that have had profiles transferred onto them, store the sensitive information and why the factory reset option isn't deleting this data. If this turns out to be the case, Redmond will have to offer instructions for what users can do to protect their credit card details, especially if they're looking to sell their console.
I will keep you posted on Microsoft's investigation as this story develops.
See also: