Thinking about getting rid of your old Xbox? Be careful about where it lands next, because somewhere in the device, your credit card details are just waiting to be cracked open by an enterprising hacker.

Information-security researcher Ashley Podhradsky has found that even restoring the Xbox to its original factory settings doesn’t completely wipe the slate clean, either. In an interview with gaming blog Kotaku, the Dakota State PhD and Drexel professor said, “Microsoft does a great job of protecting their proprietary information, but they don’t do a great job of protecting the user’s data.”

Last year, Podhradsky and three fellow researchers bought a used Xbox from a Microsoft-approved retailer. With a little work, they were able to extract certain files and yes, the previous owner’s credit card numbers.

Podhradsky continued to say that an experienced console hacker wouldn’t even take as much time as the researchers did to get the data. “A lot of them already know how to do all this,” she told Kotaku. “Anyone can freely download a lot of this software, essentially pick up a discarded game console, and have someone’s identity.”

If you’re thinking about selling or donating your Xbox, be sure to use some sort of hard-drive sanitation software on it first. The Dakota State research team particularly recommends Darik’s Boot and Nuke, which can be used if you detach your Xbox hard drive and hook it up to your PC.

Image courtesy of Maximino, Shutterstock