Join gaming leaders, alongside GamesBeat and Facebook Gaming, for their 2nd Annual GamesBeat & Facebook Gaming Summit | GamesBeat: Into the Metaverse 2 this upcoming January 25-27, 2022. Learn more about the event.
A number of “high profile” Xbox Live accounts belonging to Microsoft employees were hacked, according to a statement from Microsoft, who says the attackers used a number of social-engineering tactics to get access.
The statement from Microsoft reads:
We are aware that a group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox Live accounts held by current and former Microsoft employees. We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use. Security is of critical importance to us and we are working every day to bring new forms of protection to our members.
This is more than a surface-level social engineering attack on Microsoft, however. Brian Krebs, a security reporter who was recently “swatted,” or pranked when someone reported a fake incident that had police at Krebs’ door, found the prankers were actually a group of hackers. The group of four, according to Krebs, was seeking revenge after he reported on a website called ssndob.ru where people were selling social security numbers. This is reportedly one of the tactics used to gain access to the Xbox Live accounts.
The 2nd Annual GamesBeat and Facebook Gaming Summit and GamesBeat: Into the Metaverse 2
January 25 – 27, 2022
As it turns out, Krebs also connected one of the hackers from this group called TeamHype to the hacker who took down Mat Honan’s digital life in 2012. This hacker, called Phobia, may have also been behind the “swatting” prank.
Microsoft responded saying that it does not use social security number in its Xbox Live accounts, but that the hackers were effectively “daisy-chaining” by social engineering one of Microsoft’s partners (see: “affiliated companies in the statement above) and gaining enough information to bypass Microsoft’s “security proofs” or the information it collects to make sure you are who you say you are.
GamesBeatGamesBeat's creed when covering the game industry is "where passion meets business." What does this mean? We want to tell you how the news matters to you -- not just as a decision-maker at a game studio, but also as a fan of games. Whether you read our articles, listen to our podcasts, or watch our videos, GamesBeat will help you learn about the industry and enjoy engaging with it. How will you do that? Membership includes access to:
- Newsletters, such as DeanBeat
- The wonderful, educational, and fun speakers at our events
- Networking opportunities
- Special members-only interviews, chats, and "open office" events with GamesBeat staff
- Chatting with community members, GamesBeat staff, and other guests in our Discord
- And maybe even a fun prize or two
- Introductions to like-minded parties