Security researchers from two universities pretty much stunned Xbox users when they revealed that even after the hard drive of the console is wiped and it is restored to the factory settings, they could still retrieve credit card information from the device. Now, Microsoft has officially stated that it is looking into the matter so as to verify if this claim is true.
Most of the refurbished Xbox 360s available at Microsoft-authorized retailers fall within this category. And the security researchers who first made this own, worked their trick on a console they got from one such retailer. If their claim turns out to be true, it could risk the credit card information of millions of users.
According to the General Manager of Security in the Interactive Entertainment Business division at Microsoft, Jim Alkove, ‘We are conducting a thorough investigation into the researchers’ claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers’ claims. Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described.’
We still have to go wait for the company to complete the investigations to verify the correctness of the researchers’ claims. Since Microsoft claims that the credit card data is not stored locally, the case of the researchers may have been an exception. Alkove further stated, ‘Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously.’
Image courtesy Ian D.