According to a new report, a handful of high-profile Microsoft employees had their Xbox Live accounts targeted and compromised by attackers. These attackers used the employees social security numbers along with social engineering to obtain access to the accounts.
“We are aware that a group of attackers are using several stringed social engineering techniques to compromise the accounts of a handful of high-profile Xbox LIVE accounts held by current and former Microsoft employees. We are actively working with law enforcement and other affected companies to disable this current method of attack and prevent its further use. Security is of critical importance to us and we are working every day to bring new forms of protection to our members,” Microsoft revealed in a statement.
Microsoft issued this statement but refused to acknowledge if the company stores social security numbers along with the Xbox Live accounts. These social security numbers are used by a third party, which is how attackers were able to gain access to employee Xbox Live accounts.
“Microsoft does not collect or use Social Security numbers in its services, including Xbox LIVE Gamertags or Microsoft accounts. Attackers are targeting high-profile Microsoft employees by social engineering other companies that do use this data to intercept security proofs from Microsoft to compromise the accounts,” Microsoft explained
The big question is, since Xbox Live uses a Microsoft Account to log in, is Xbox Live the only service that was breached or were other Microsoft services vulnerable too?