Hackers Can Steal Credit Card Information From Your Old Xbox360 Harddrive

[KingMike_OS]

You might not want to sell or give away your Xbox 360 any time soon. Not without taking a hammer to the hard drive.
 
Even restoring your console to factory settings won't remove some of the data it stores, according to an ongoing study from researchers at Drexel University. And with a handful of common tools, hackers and modders can dig into a system's hard drive and excavate your credit card number or other personal information.
 
Speaking to Kotaku in a phone interview today, researcher Ashley Podhradsky said Xbox publisher Microsoft is doing a "disservice" to its customers by not doing a better job of keeping personal data protected.
 
"Microsoft does a great job of protecting their proprietary information," she said. "But they don't do a great job of protecting the user's data."
 
Podhradsky, along with colleagues Rob D'Ovidio and Cindy Casey at Drexel and Pat Engebretson at Dakota State University, bought a refurbished Xbox 360 from a Microsoft-authorized retailer last year. They downloaded a basic modding tool and used it to crack open the gaming console, giving them access to its files and folders. After some work, they were able to identify and extract the original owner's credit card information.
 
We reached out to Microsoft for comment on this issue, but as of press time, they have not yet responded.
 
Podhradsky isn't even a gamer, she says. For seasoned modders and hackers, the process might be even easier.
 
"A lot of them already know how to do all this," she said. "Anyone can freely download a lot of this software, essentially pick up a discarded game console, and have someone's identity."
 
So what should you do if you want to get rid of your Xbox 360 but you don't want your personal information compromised? Podhradsky recommends detaching your 360's hard drive, hooking it up to your computer, and using a sanitization program like Darik's Boot & Nuke to wipe everything out. Just reformatting the system isn't enough.
 
"I think Microsoft has a longstanding pattern of this," Podhradsky said. "When you go and reformat your computer, like a Windows system, it tells you that all of your data will be erased. In actuality that's not accurate—the data is still available... so when Microsoft tells you that you're resetting something, it's not accurate.
 
"There's a lot more that needs to be done."

[magic_man185]

that is just 1 reason why I never used my credit card on my xbox, I buy the cards in the store and redeem them online.

[Rodent]

that is just 1 reason why I never used my credit card on my xbox, I buy the cards in the store and redeem them online.

Same here you never know when your stuff might get stolen, or your xbox grows feet.. or just plain and simple gets a RROD or 3 Error and you can't fix it.. you can sell the parts and make some money  with out the worries of someone stealing your info...

[magic_man185]

That and the fact I heard a long time ago if you tie a credit card to your Live account it is next to impossible to get it removed, so I never gave it to them in the first place.  That and the fact you can usually get stuff cheaper buying a code on Amazon anyway.  I paid $18.99 for 1600 MS points ($1 off, but you don't normally see sales on this kinda thing) and they emailed the code to me within a minute.

[Modded Matt]

lol I have bought 4000 point accounts from ebay.... but they were bootleg and were only avail for like 24 hrs before MS swoops in and takes them.

[Tracey]

That and the fact I heard a long time ago if you tie a credit card to your Live account it is next to impossible to get it removed

Naaa, you just gotta know what your doing. Deleting it trough your xbox will not really delete it, you have to sign in through a PC and delete it from your account there.

[Blazinkaos]

I always knew that had to be possible its pretty much same concept as with flash drives and what not. Good tip!