If your Xbox Live account has been hacked, chances are it’s because you used a weak password. According to this post, xbox.com reveals whether a hacker has found a legitimate email address by printing the following error:
The email address is or password is incorrect. Please try again.
After 8 attempts with a wrong password a CAPTCHA is shown but that can be easily circumvented.
Now, showing that error message makes the job of hacking accounts easier, but if it wasn’t there you can be sure that the login page would be (and is being) hit by dumb bots that stuff the login page with random emails and passwords. My blog gets hit by so many bots exploiting vulnerabilities in software that doesn’t even run on here that nothing surprises me any more about the intelligence of script kiddies.
It would be super if Microsoft used something like Steam Guard or at the very least put time limits on successive password checks but in the meantime what can you do?
- Use LastPass or another password service and pick a strong password. Use a pass phrase: “talking heads is a great band”, “i wish i had super powers”, “use your own imagination”. They’re all a lot better than “abcdefg1” and a lot easier to remember! Connect a keyboard to your Xbox to type a long phrase in or you’ll be discouraged.
- Limit the damage. Don’t add your credit card to Xbox Live. Sometimes you can buy an Xbox Live Gold subscription at half the price Microsoft charges. Buy points cards if you want to buy stuff. Until recently it was hard to stop XBL auto-renewing if you used a credit card.
- Go live in a hole in the hills and play marbles with the mice.
My XBL Gold subscription ran out a few days ago so I’m back to being a silver member. Not too fussed as almost everyone I play online with has a PS3 or PC too. I’m left wondering why I need an Xbox 360 any more! I will make doubly sure that I have a strong password on the account.
Thanks Gavin for linking to that article, even if we do disagree about what a security hole is.