Since reporting on the "FIFA hack" and related security concerns with Xbox Live and the Windows Live ID system, we've received stories, documentation and theories on how this is happening from dozens of victims. As we continue to follow up on several leads, Analoghype posits an interesting theory on how some of these breaches may be occurring.

AH suspects that the hackers grab gamertags from a game of Halo or Call of Duty, then Google the tags to find associated emails on social networking sites. They now have a potential list of Windows Live IDs. Going to, the hacker can now test if the email is a valid ID by attempting to sign in. An error message of "account is invalid" has them moving on to another email; "password is incorrect" means they've got a real account, but a bad password.