Following an increasing occurrence of Xbox Live account hack reports, we are growing concerned over Microsoft's Windows Live ID system, the only layer of protection between a hacker gaining access to a person's Xbox Live account and their information. In our research, the only consistency we saw across users who were hacked was the general inconsistency of what email and payment method was used on their account. Hotmail, Gmail and school emails were used for their Windows Live ID, while payment methods used were credit cards and PayPal. Other than a compromised Windows Live ID, there wasn't a common thread we could identify.

It's been several months since we started following the "FIFA hack," a rather blunt scam that saw Xbox Live accounts drained so thieves could purchase in-game FIFA 12 'Ultimate Team' cards for use and sale. We have been tracking the FIFA issue and following up on other tips that weren't necessarily rooted in the FIFA hack, but related in that users saw exploitation of payment methods tied to their account. A recent Shacknews editorial detailed accounts compromised by the FIFA exploit.

http://www.joystiq.com/2012/01/04/xb...e-microsoft-s/