Xbox Live

Xbox Live hacker claims 48 million users and passwords exposed

At this stage we cannot substantiate the claims but we have received a link to a pastebin entry created by a user who claims to have hacked Xbox Live.

http://pastebin.com/zEjieFtr

On the above page he lists some user accounts, but he says he has uploaded the full list to a file sharing site as an archive totalling 6.12GB.

The file sharing site in question is BayFiles, which seems to have gone offline. The hacker, calling himself ‘Reckz0r‘ on Twitter suggests that Microsoft is responsible for taking the site offline.

If this is a legitimate claim then it could be the worst PR disaster for Microsoft in recent history. There is no excuse for allowing so many passwords to be reverse engineered in this way – it would be down to poor security. On his Twitter account the hacker claims that Microsoft stores passwords in plaintext format which would be against all security best practices.

Our advice: change your Xbox Live password immediately!

Update:

A Microsoft representative from has told GameSpot “Xbox Live has not been hacked, Microsoft can confirm that there has been no breach to the security of our Xbox Live service.”

This statement paired with the fact the uploaded archive is not currently downloadable suggests that this was just a hoax.

That being said, one wonders what the response from Microsoft would be in the event of a real hack. It would be hard for them to really know so soon if any data was stolen unless they knew some aspects of the statements to be false, such as the claim they used plain text passwords. I’m sure we would all be reassured if Microsoft gave a bit more detail to give us confidence as to whether they encrypt passwords.