Life, Freedom and Xbox Logins for All

The Microsoft Xbox Live service reaches unprecedented levels of black market popularity thanks to a load of credentials leaked on the net

According to statistics published by Microsoft via an interview on gaming blog Kotaku, more than 20 million people log in to the service each and every day. Moreover, Xbox Live users have contributed more than 4 billion hours of gaming—multiplayer-only—over the past eight years of the service’s existence.

As impressive crowds always attract cybercriminals, the Xbox fan tribe couldn’t have gone unnoticed (and unexploited). A hacking group called Destructive Security just shared on the Internet a list of Xbox accounts and their corresponding passwords, adding, in their kind message to the world out there, that there might be some easy money to be made from the credit cards supposedly linked to the respective accounts.

What we’re dealing with, in this case, is a classic example of sensitive data theft. It takes a nicely crafted phishing page to get hold of such credentials; or a firmly planted keylogger that just loves to learn everything you type in.

To avoid becoming a victim of phishing raids, follow the five common-sense tips below:

  • Always activate or turn on your antiphishing or phishing filter, as well as any other security applications or suites, before browsing to your e-banking account.
  • Ideally, you should install, activate and update a reliable security solution, such as BitDefender Internet Security 2010.
  • Make sure the e-banking Web site uses SSL encryption (Secure Sockets Layer) and security authentication methods – look for the “https” prefix and the locked padlock. If you are requested to accept a certificate for the session, check that the name on the certificate matches the name of the institution you wish to deal with and that the certificate is signed by a known Certificate Authority such as Thawte™ or VeriSign® before accepting.
  • Avoid using a non-secured computer (like a friend’s desktop or job colleague’s laptop). Still, if you are forced to do so, make sure you at least run Bitdefender’s advanced scanning on-line tool, Quick Scan, before proceeding.
  • Do not check your e-banking account from public computers connected to the Internet (like those in a library or Internet Café).
  • If you use a wireless connection, make sure your connection is secured and encrypted and that you know and trust the owner of the access point; also, refrain from using an unsecured public wireless connection (like those in airports or hotels) when banking over the Internet. Still, if forced to do so, use an on-screen (virtual) keyboard to enter sensitive data. Although not 100% bulletproof, this technique would guard your data from average keylogger applications.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author

Sabina DATCU

Sabina Datcu, PhD, has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures. In 2003 she obtained a master's degree in Systems Ecology and in 2009 a PhD degree in Applied Informatics and Statistics.
Since 2001, she has been involved in University of Bucharest's FP5 and FP6 European projects, as a researcher in the Information and Knowledge Management field.

In 2009, she joined the E-Threat Analysis and Communication Team at BitDefender as a technology writer and researcher, and started to write a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases.