Microsoft loses $1.2 Million Due to Code Exploit

[Jardavius]

Yesterday afternoon a website started offering free Microsoft Points. I’m sure you if you type “free Microsoft Points” into Google you’ll still get pages upon pages of websites saying you will get free points if you just fill out 4 surveys and give them your social security number. This time, this really was a site giving away free Microsoft Points. Hackers found an algorithem to add to existing, used codes to get new ones. A person would just have to sit back and refresh over and over and rack up the 160MSP codes. Not every code would work, but a majority would. The site started to 404 due to the heavy traffic.

If you have closer ties to the pirating community, you could find a program to get the codes for you. With this, you had a choice between a code for 160MSP, a Halo Reach Banshee avatar prop, or a 48 hour Xbox Live trial. This method took a little more work out of the user, but it was still simple enough for a 12 year old to figure out. A Megaupload link to the .exe file could be found on Xbox pirating websites like xbox360iso.com.

Microsoft found out about this exploit and put a stop to it immediately, but internet pirates still had enough time to steal $1.2 million worth of Microsoft Points (according to Beantown Gamer’s source). One pirate said that they were able to get $150 worth of points in a matter of 20 minutes. Microsoft has yet to say what they plan on doing about this, but it doesn’t seem like there is much they can do other than just bite the bullet on this one.

Source: SaveandQuit

[Jardavius]

Here is an update as well, looks like trouble is coming:

Earlier this week, an unauthorized method for generating codes that could be redeemed for 160 Microsoft Points ($2) each was discovered. Microsoft has since shut down the exploit, but that's not the end of the matter as far as the platform holder is concerned.

In a statement from Microsoft Kotaku was told that it has "taken steps to invalidate the codes obtained illegitimately," so any formerly valid codes you might still have lying around will no longer work. If you've already used any on the Xbox Live or Zune Marketplaces, you face the risk of an unspecified punishment.

"We take safety and security very seriously and require that Xbox Live members use the service in compliance with applicable laws and specifically prohibit people from engaging in illegal activity as a part of our Terms of Use and Code of Conduct," the statement read. "Our Policy and Enforcement team is evaluating whether or not certain individuals have violated the Terms of Use for Xbox Live and will take the appropriate enforcement on an individual basis."

No timetable was established for when punishments would be handed out or what exactly constitutes a punishable offense. Those who used the codes will simply have to keep their fingers crossed that they aren't targeted.

Source: 1up