Pretexters steal Xbox Live accounts
A growing number of Xbox Live users are being locked out of their accounts and having their credit cards used to purchase inordinate numbers of Microsoft Points, according to Shacknews. The cause behind this problem is apparently not a security flaw exploited by hackers, but clans that have made a habit of using social engineering or pretexting to obtain information about other user accounts. One of those clans, which calls itself Infamous, says its method consists of the following:
you call 18004myxbox pretend to be that person make up a story about how your little brother put in the information on the account and it was all fake, blah blah blah you might get one little piece of information per call but then you keep calling and keep calling everytime getting a little bit more information every time. once you have enough information you can get the Pasword on the windows live ID Reset, they may tell you they cant but its bull [expletive]. people at bungie CAN and WILL reset your password. believe me :)
The clan claims to be able to steal "at least" 10 accounts a day. Worse yet, Microsoft's tech support staff is reportedly powerless to assist victims. Shacknews says the problem lies partly with some of Bungie's online community features, which are independent from Xbox Live and thus out of the reach of Microsoft support staff. According to Security Focus, Microsoft has denied that its service has been hacked but stated, "Recently, there have been reports of fraudulent activity and account theft taking place on the Xbox Live network. Security is a top priority for Xbox Live, and we are actively investigating all reports of fraudulent behavior and theft."