When Is A Hack Not A Hack?
When it's brute force. According to a new report from AnalogHype, who were contacted by an eagle-eyed hacking victim, the recent spate of unauthorised Xbox Live account access may stem from a vulnerability in the Xbox.com website. Jason Coutee, a network infrastructure manager who had his Xbox Live account hacked earlier this year, noticed that Xbox.com allows users to make eight incorrect password attempts before a CAPTCHA challenges them, and that this count can be reset by clicking 'try with another Live ID.' Hackers can therefore run simple automated password-generating scripts and gather lists of Windows Live IDs from numerous online sources.
This is definitely a rumour at present, but a compelling one nonetheless. It certainly explains the sporadic nature of the accessed accounts, since it isn't technically a hack at all, but rather a brute-force attempt. The FIFA 12 connection, which heavily suggested a loophole in the EA servers, could be explained away simply because it's one of the best-selling games of the year with plentiful DLC. We hope that Microsoft will at least issue a statement soon, since users are still falling prey to unauthorised access months after this issue was first reported.
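To show why a resettable counter gives no protection, here is a small model of the reported behaviour next to a server-side alternative. It is an added example, not Xbox.com's code. The class names, the 15-minute window, the sample address and account, and the event log are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
CAPTCHA_AFTER = 8  # failed attempts before a CAPTCHA, as reported above
WINDOW = 15 * 60   # assumed sliding window, in seconds

class SessionCounter:
    """Weak: the failure count lives in state the client can reset."""
    def __init__(self):
        self.failures = 0
    def reset(self):  # models the 'try with another Live ID' link
        self.failures = 0
    def captcha_required(self, account, source, now):
        return self.failures >= CAPTCHA_AFTER
    def record_failure(self, account, source, now):
        self.failures += 1

class ServerThrottle:
    """Hardened: failures counted server-side per account and per source;
    no client action clears them, they only age out of the window."""
    def __init__(self):
        self.seen = defaultdict(deque)  # key -> recent failure timestamps
    def reset(self):  # the link may clear the form, never the counters
        pass
    def _count(self, key, now):
        q = self.seen[key]
        while q and now - q[0] > WINDOW:
            q.popleft()
        return len(q)
    def captcha_required(self, account, source, now):
        return max(self._count(("acct", account), now),
                   self._count(("src", source), now)) >= CAPTCHA_AFTER
    def record_failure(self, account, source, now):
        self.seen[("acct", account)].append(now)
        self.seen[("src", source)].append(now)

def unchallenged(limiter, events):
    """Count failed logins that were evaluated without a CAPTCHA."""
    passed = 0
    for now, source, account, action in events:
        if action == "reset":
            limiter.reset()
        elif not limiter.captcha_required(account, source, now):
            passed += 1
            limiter.record_failure(account, source, now)
    return passed

# Constructed log: 40 failures on one account, reset link used every 7 tries.
EVENTS = [(t, "198.51.100.7", "user@example.test", a)
          for t in range(40) for a in (["reset"] if t % 7 == 0 else []) + ["fail"]]
print(unchallenged(SessionCounter(), EVENTS), unchallenged(ServerThrottle(), EVENTS))
```

Because the second design also counts per source, one address trying a single password against many different IDs reaches the same threshold.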