Microsoft has strenuously denied (they used bold and everything) that Xbox Live security has been compromised, claiming that reports of users having their accounts hijacked and used to buy quantities of Microsoft points are the result of phishing.
"We have looked into the situation and found no evidence of any compromise of the security of Bungie.net [which ties into Live, allowing players to view Halo 2 stats] or our Live network," the company said in a statement on a number of its official blogs.
"There have been a few isolated incidents where malicious users have been attempting to draw personal information from unsuspecting users and use it to gain access to their Live account." The company adds that to its knowledge, "no credit card or other personal information was exposed".
It concludes with the assurance that it is always evaluating security policies and procedures, and that users should follow the guidelines in the Xbox Live code of conduct that advise you not to give out things like real name, address and so on to other players.