Microsoft to Investigate Alleged Xbox Credit Card Hack

Microsoft is looking into a potential security issue affecting its Xbox 360 video game console this week after a group of college students claimed they were able to extract the credit card information of a console’s previous owner from the machine.

Microsoft is looking into a potential security issue affecting its Xbox 360 video game console this week after a group of college students claimed they were able to extract the credit card information of a console’s previous owner from the machine.

Ashley Podhradsky, Rob D’Ovidio, and Cindy Casey of Drexel University and Pat Engebretson of Dakota State University reportedly bought a refurbished Xbox from a Microsoft-authorized reseller in 2011 and were able to access old files containing the credit card information of the device’s first owner. Despite having its hard drive wiped and its factory settings previously reset, the console was cracked after the students installed a software “modding” tool that allows Xbox owners to install applications that aren’t sanctioned by Microsoft.

Microsoft called the hack unlikely in a statement obtained by ZDNet on Monday.

Jim Alkove, General Manager, Security of Microsoft’s Interactive Entertainment Business division, claimed the company launched an investigation into the hack. Alkove asserted that Xbox 360 consoles are not designed to store credit card data, adding that it was unlikely any information was recovered in the fashion the hackers described.

“When Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data,” Alkove said, “we can assure Xbox owners we take the privacy and security of their personal data very seriously.”

Gawker’s video game blog Kotaku interviewed Podhradsky about the device’s security late last week.

“Microsoft does a great job of protecting their proprietary information,” she told the site, “but they don’t do a great job of protecting the user’s data.”

While the security of Microsoft’s gaming console (Xbox Live phishing attempts, etc.) has been called into question before, this is one of the first reports that claim the console’s physical hard drive may be at risk.

NASA, whose hard drives arguably carry more sensitive information than an Xbox, caught similar heat in 2010 after it was found not adequately wiping, sanitizing and destroying its own hard drives.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.


  • Anonymous on

    By "wipe" they mean akin to you dragging something to the trash bin, rather than actually writing random bits over the whole drive.

    Any computer hobbyist knows any information left behind (including a credit card number on a cache somewhere) can be searched for and found.

  • Gary Driggs on

    Maybe so but your average console owner barely knows what a hard drive is.

  • Anonymous on

    To make an assumption that users are "too stupid" to find this info/extract it or even know what to do with it is a complete "cop out". What happened to the standard DoD 5220.22-M for clearing and sanatizing of data, does no one do this anymore? Oh Microsoft, please don't be another sheep in the heard, your better then that!!

  • credit card on

    Worldwide CVVs Shop | VERIFIED SELLER |


    Hello all buyer : i'm a professional Hacker and i have for all goods good and fresh live cc my CVV are the best for you. with up to $3500 inside each of them

    I'm Seller for: CC, CVV US,UK,CA, EURO,AU, Italian,Japan,France,...all cc. Paypal verify, Software Spam mail mail list,

    CC fullz info, CC DOB, Dump

    sell cvv.i can also Hack money to your private bank account with the bank not nowing,i can also transfer money that is up to $5,000 to your cc,visa, master card or any other card.

    i can also Hack thousands of dollars to your paypal account, liberty reserve account Alert pay account or any online account.

    we also teach people How to hack cc, bank transwer. western union transfer...and lot more


    i don't sale my cc for $5 or $20 dollars cos am not a scam.. i work very hard to get my if you are looking for cc of $20 or $30..don't contact me...


    cc number|Card Exp date |cvv|Name|Mailing Address|City|State|Zip Code|phone number|email.


    brazil .italy cc have dob..


    if u interested . contact me =>


    windoow live meesenger..


    Yahoo messenger : creditcard_shop

    emial me on.

    .... don"t ask for free one.

    * List cc i have and prices : 

    bin of my choice = 40$

    US Classic = 40$

    US Debit Classic 70$

    US MC Standard = 80$

    US Gold = 70$

    US Platinum = 120$

    US Business-Corporate = 120$

    US Purchasing-Signature = 150$

    US MC World = 120$


    Canada Dumps:

    Canada Classic = 70$

    Canada MC Standard = 90$

    Canada Gold = 120$

    Canada Platinum = 150$

    Canada MC World = 120$


    Europe Dumps:

    EU Classic = 70$

    EU MC Standard = $80

    EU Gold = 120$

    EU Platinum = 150$

    EU Business-Corporate = 150$

    EU Infinite = 200$


    *** Transfer Western Union / bank 


    geria and very easy to cashout African) : 

    - 500$ you will have mtcn : 10000$ 

    - 400$ you will have mtcn : 8000$ 

    - 300$ you will have mtcn : 5500$ 

    - 200$ you will have mtcn : 3500$ 

    - 100$ you will have mtcn : 1500$ 

    * Give me your western union info and payment 

    me fee. 

    ATM Skimmer Wincor Nixdorf : $ 3000 

    ATM Skimmer Wincor : $ 3000 

    ATM Skimmer Slimm : $ 3000 

    ATM Skimmer Slim : $ 3000 

    ATM Skimmer NCR : $ 3000 

    ATM Skimmer Diebold Opteva : $ 2500 

    ATM Skimmer Diebold : $ 2000 

    ATM Skimmer Universal : $ 4000 

    ATM Skimmer Small : $ 2500 

    Then i will do transfer’s for you, After 

    about 20 mins you’ll have MTCN and sender 


    add me on your yahoo messnger.. creditcard_shop

    or email me.


    I accept LR or WU but i only accept WU > $70 and above

    - I was so happy to see you actually make more money from the business with me

    Thank you all! When you trust me, work with me. And if dont trust me,dont contact me, dont waste time. 

    I only work with reliable buyers


    Yahoo Messenger:creditcard_shop



    windoow live meesenger..



Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.