Xbox Live policy director's account hacked

The video, which Infosecurity notes is both rambling and racist, asserts that, because of language issues, it is possible to use social engineering techniques to extract account passwords from overburdened support staff in India.

Stephen Toulouse, Xbox Live's policy director, has confirmed his account was hacked on Twitter. Unconfirmed reports suggest that Xbox has started a top-level enquiry into the issue and is working with law enforcement officials.

The hacker - calling himself Predator - claims he was upset with Toulouse for repeatedly banning him from the online service and has started offering to hack other Xbox accounts for $250.00

The Softpedia newswire says that Predator's modus operandi appears to be social engineering and that the attach methodology should not - in theory at least - be successful.

This is because, says the newswire, "large domain registrars have security checks in place for procedures that deal with changing ownership or recovering control of a domain."

"However, it only takes one poorly trained employee for this system to break down. For example, Baidu, the company operating the largest Chinese search engine, sued Register.com for gross negligence after one of its staff handed over control of Baidu.com to a hacker", the newswire notes.

"The attacker failed to produce valid answers for the identity verification checks and used a suspiciously named @yahoo.com email address as new contract for the domain, something that should immediately have triggered red flags", the newswire adds.

According to the UberGizmo portal, meanwhile, Predator appears to have not only hacked the Xbox account of the Xbox policy director, but also taken control of his Stepto.com domain from Network Solutions, his hosting provider.

What’s hot on Infosecurity Magazine?