If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Researchers claim hackers can pull credit card data from used Xbox 360s

Microsoft launches investigation, labels suggestion "unlikely".

Microsoft is investigating claims made by a university research group that hackers can easily access credit card data stored on secondhand Xbox 360s.

As reported by Kotaku, a team from Drexel University in Philadelphia, USA, claim to have ripped bank card numbers from a pre-owned Xbox using basic modding tools downloaded from the web.

"Microsoft does a great job of protecting their proprietary information, but they don't do a great job of protecting the user's data," said researcher Ashley Podhradsky.

She went on to recommend that anyone getting rid of a console should use a sanitisation program like Darik's Boot & Nuke to ensure their system's hard drive is completely wiped clean. Just reformatting it doesn't do the job, she argued.

"I think Microsoft has a longstanding pattern of this. When you go and reformat your computer, like a Windows system, it tells you that all of your data will be erased. In actuality that's not accurate - the data is still available... so when Microsoft tells you that you're resetting something, it's not accurate."

Microsoft has since issued a formal response to the claims, insisting it's carrying out a full investigation.

"We are conducting a thorough investigation into the researchers' claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers' claims," Jim Alkove, general manager of Microsoft's security of interactive entertainment business, told Joystiq.

Alkove moved to reassure customers that Drexel University's findings seem "unlikely".

"Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data," he said.

"We can assure Xbox owners we take the privacy and security of their personal data very seriously."

Topics in this article

Follow topics and we'll email you when we publish something new about them.  Manage your notification settings.

About the Author
Fred Dutton avatar

Fred Dutton


Fred Dutton was Eurogamer's US news editor, based in Washington DC.

Eurogamer.net logo

Buy things with globes on them

And other lovely Eurogamer merch in our official store!

Explore our store
Eurogamer.net Merch