Xbox Entertainment Awards Suffers Security Breach

[Andy Chalk]

Xbox Entertainment Awards Suffers Security Breach

Microsoft has closed the site after learning that voters' names, gamertags and other information were visible to the public.

Microsoft unveiled the Xbox Entertainment Awards yesterday, asking Xbox Live users to vote for their favorite games, television shows, movies and music in exchange for a chance to win a limited edition Halo 4 Xbox 360, a one year Xbox Live Gold memberships, Microsoft points, games and other such goodies. But this morning the site was taken offline after it became apparent that voters' personal information was being shared to the public.

According to MCV, the Xbox Entertainment Awards website was displaying names, gamertags, email addresses and birth dates of everyone who took part in the voting. The listings could also be edited or removed by anyone visiting the site, although whether those edits actually affected the voting is unclear.

The site now displays an "offline for maintenance" message [http://awards.xboxapp.com/uk]. In a statement, Microsoft said only, "We are currently experiencing technical difficulties with the Xbox Entertainment Awards landing page and have taken the site offline while we investigate." A reported 2892 voters had their information posted on the site.

Source: MCV [http://www.mcvuk.com/news/read/xbox-entertainment-awards-blighted-by-security-breach/0112664]


Permalink

 

[CriticalMiss]

I know this isn't as major as the Sony breach a while back but surely Microsoft, the massive software company, would know how to make a website secure? Even if the site was subcontracted to someone else, wouldn't MS have checked it first? It makes me wonder how much of a fuck these companies give a damn about user security when they come up with horrible anti-piracy methods but can't make a website keep info private.

 

[Legion]

The larger and richer the gaming company, the more they screw up it seems. I am so glad I am getting away from gaming that requires me giving money to them.

Seriously? What is this Facebook?

No, because Facebook doesn't even pretend to believe in privacy.

 

[The White Hunter]

Seriously? What is this Facebook?

No, because Facebook doesn't even pretend to believe in privacy.

Isn't the whole point of facebook to systematically destroy the concept of privacy by making every squeal about their own boring existence non-stop on the internet, thus eliminating any understanding of social boundaries from society and something something so they can sell your details to the chinese?

 

[CriticalMiss]

I know this isn't as major as the Sony breach a while back but surely Microsoft, the massive software company, would know how to make a website secure? Even if the site was subcontracted to someone else, wouldn't MS have checked it first? It makes me wonder how much of a fuck these companies give a damn about user security when they come up with horrible anti-piracy methods but can't make a website keep info private.

There are two types of companies in the world. Those that know they have been hacked, and those that do not know they have been hacked. there is very little exception to this.

Except this wasnt a hack, anyone could see the information and change it if the article is to be believed.

 

[kailus13]

So if someone you didn't like took part in the voting, you could find out their real name, D.O.B and email? That's actually quite scary.

 

[Strazdas]

I know this isn't as major as the Sony breach a while back but surely Microsoft, the massive software company, would know how to make a website secure? Even if the site was subcontracted to someone else, wouldn't MS have checked it first? It makes me wonder how much of a fuck these companies give a damn about user security when they come up with horrible anti-piracy methods but can't make a website keep info private.

people dont care to doublecheck. a friend told me how a big company did its accounting yesterday. she got ap osition to overlook the accounting there and what she found out is that some rookie were doing certian accounting tasks, wrongly. and all veterals were jtu blindly copy-pasting it without doublechecking, leading to a confusion where millions of tax moneys were calculated wrongly. needless to say there was a problem. but it teaches us that just because you have a team that knows how to do stuff, does not mean they actually try.

IMO there is nothing wrong with being able to see the gamertags of those that voted. mroe info thank that is up for debate.

There are two types of companies in the world. Those that know they have been hacked, and those that do not know they have been hacked. there is very little exception to this.

The exceptions being "too small to bother".