[Update]: Microsoft Comments On LulzSec Info Exposure

by Matthew Kato on Jun 17, 2011 at 02:22 PM

[Update]: Microsoft has commented on LulzSec's posting of emails and addresses, some of which may be associated with Xbox Live accounts.

Microsoft has sent us this comment on the data, which is an info dump and not a hack.

"This group appears to have posted a list of thousands of potential email addresses and passwords, and encouraged users to try them across various online sites like Xbox LIVE in the event one of the users happens to use the same password and email address combination.  At this time we do not have any evidence Xbox LIVE has been compromised. However we take the security of our service seriously and work on an ongoing basis to improve it against evolving threats."

[Original Story]: Hacker group LulzSec has released emails and passwords for some people's Xbox Live account info, among other sites and services.

The group dumped a list of 62,000 emails and passwords on a file sharing site (the list has been taken down multiple times) for accounts of sites and services like Xbox Live, PayPal, WOW, and much more (confirmed on LulzSec's Twitter, even). We've also had one poor reader tell us the credit card attached to his Xbox Live account has already been hit for $100 and the account's password changed.

LulzSec has also been involved in attacks on Nintendo, Minecraft, EVE Online, and (of course) Sony, among others. And for those of you keeping score out there, hactivists Anonymous deal more in denial of service attacks, while exposing user info is one of LulzSec's deals. Whatever the method or rationale, though, it's annoying.

Just to clarify: LulzSec hasn't hacked Xbox Live, they've simply released people's emails and passwords that may pertain to an Xbox Live or PayPal or WOW, etc. account.


[via Team Xbox and a reader tip from Shaun]