'High-Profile' Xbox Live Employee Accounts Compromised in Security Hack
After previously hacked security researcher Brian Krebs let it slip on March 13 that Xbox Live services had indeed been compromised as well, Microsoft confirmed with The Verge that 'high-profile' employees had their information compromised, including their social security numbers, in a hack involving third-party companies sharing Xbox Live information.
The statement on The Verge reads:
"We are aware that a group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox LIVE accounts held by current and former Microsoft employees. We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use. Security is of critical importance to us and we are working every day to bring new forms of protection to our members."
Notice, Microsoft does not use the word hacked, as it seems it was not information they held, but information they shared with third-parties that was hacked, therefore allowing the hackers access to the Xbox Live employee information, including social security numbers.
The Verge suspects a hacker by the name of Phobia may be behind it, though no proof of that has surfaced, due to the similar style of security breach performed against Krebs was used against Ars Technica and Wired senior writer Mat Honan. Phobia is suspected in the Honan hack as well.
"According to Krebs, Phobia is part of a four-person Xbox Live gamer team called Team Hype which hijacks Xbox Live Gamertags (specifically targeting Microsoft employees) and selling the accounts to other gamers," writes the Verge.
Microsoft's statement further clarifies the breach:
"Microsoft does not collect or use Social Security numbers in its services, including Xbox LIVE Gamertags or Microsoft accounts. Attackers are targeting high-profile Microsoft employees by social engineering other companies that do use this data to intercept security proofs from Microsoft to compromise the accounts."