If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Researchers claim hackers can pull credit card data from used Xbox 360s

Microsoft launches investigation, labels suggestion "unlikely".

Microsoft is investigating claims made by a university research group that hackers can easily access credit card data stored on secondhand Xbox 360s.

As reported by Kotaku, a team from Drexel University in Philadelphia, USA, claim to have ripped bank card numbers from a pre-owned Xbox using basic modding tools downloaded from the web.

"Microsoft does a great job of protecting their proprietary information, but they don't do a great job of protecting the user's data," said researcher Ashley Podhradsky.

She went on to recommend that anyone getting rid of a console should use a sanitisation program like Darik's Boot & Nuke to ensure their system's hard drive is completely wiped clean. Just reformatting it doesn't do the job, she argued.

"I think Microsoft has a longstanding pattern of this. When you go and reformat your computer, like a Windows system, it tells you that all of your data will be erased. In actuality that's not accurate - the data is still available... so when Microsoft tells you that you're resetting something, it's not accurate."

Microsoft has since issued a formal response to the claims, insisting it's carrying out a full investigation.

"We are conducting a thorough investigation into the researchers' claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers' claims," Jim Alkove, general manager of Microsoft's security of interactive entertainment business, told Joystiq.

Alkove moved to reassure customers that Drexel University's findings seem "unlikely".

"Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data," he said.

"We can assure Xbox owners we take the privacy and security of their personal data very seriously."

Will you support Eurogamer?

We want to make Eurogamer better, and that means better for our readers - not for algorithms. You can help! Become a supporter of Eurogamer and you can view the site completely ad-free, as well as gaining exclusive access to articles, podcasts and conversations that will bring you closer to the team, the stories, and the games we all love. Subscriptions start at £3.99 / $4.99 per month.

Tagged With

About the Author

Fred Dutton avatar

Fred Dutton


Fred Dutton was Eurogamer's US news editor, based in Washington DC.


More News

Latest Articles

Supporters Only

Eurogamer.net logo

Buy things with globes on them

And other lovely Eurogamer merch in our official store!

Eurogamer.net Merch