Microsoft – like most other proprietary tech manufacturers – is very careful to ensure that your XBox only runs Microsoft approved software, but not so avid when it comes to protecting your personal information.
Ashley Podhradsky is one of a group of researchers at Philadelphia’s Drexel University that recently made an interesting discovery:
Podhradsky, along with colleagues Rob D’Ovidio and Cindy Casey at Drexel and Pat Engebretson at Dakota State University, bought a refurbished Xbox 360 from a Microsoft-authorized retailer last year. They downloaded a basic modding tool and used it to crack open the gaming console, giving them access to its files and folders. After some work, they were able to identify and extract the original owner’s credit card information.
We reached out to Microsoft for comment on this issue, but as of press time, they have not yet responded.
Podhradsky isn’t even a gamer, she says. For seasoned modders and hackers, the process might be even easier.
“A lot of them already know how to do all this,” she said. “Anyone can freely download a lot of this software, essentially pick up a discarded game console, and have someone’s identity.”
…”I think Microsoft has a longstanding pattern of this,” Podhradsky said. “When you go and reformat your computer, like a Windows system, it tells you that all of your data will be erased. In actuality that’s not accurate—the data is still available… so when Microsoft tells you that you’re resetting something, it’s not accurate. There’s a lot more that needs to be done.”