Microsoft has begun looking into what might be a possible security breach on the XBox 360. Researchers Ashley Podhradsky, Rob D’Ovidio and Cindy Caseyat from Drexel University and Dakota State and Drexel University told Kotaku this week that they purchased an Xbox 360 through an authorized retailer, downloaded a “basic modding tool,” and were able to use it to uncover credit card numbers and personal information stored on the system.
Podhradsky comments after the findings:
“I think Microsoft has a longstanding pattern of this. When you go and reformat your computer, like a Windows system, it tells you that all of your data will be erased. In actuality that’s not accurate—the data is still available… so when Microsoft tells you that you’re resetting something, it’s not accurate. There’s a lot more that needs to be done.”
LTG contacted Microsoft PR and got the following quote from Jim Alkove, GM of security for Microsoft’s game divison:
“The [researchers’] claims are improbable. Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously. We are conducting a thorough investigation into the researchers’ claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers’ claims.”