Microsoft embroiled in Xbox Live hacking allegations

Vendor giant firmly denies that a hack has taken place but continues to investigate claims

Microsoft has firmly denied that a hack has taken place on its Xbox Live gaming service, despite allegations made by the tabloid press.

The Sun reported this week that Xbox Live has fallen victim to Russian and Chinese attacks, in which customers have reported sums of money taken from bank accounts.

However, Microsoft insists that any money taken will have been obtained through a phishing scam where customers unknowingly handed over their details to illegal sites, rather than because of a hack on its service.

"Xbox Live has not been hacked. Microsoft can confirm that there has been no breach to the security of our Xbox Live service. In this case, a number of Xbox Live members appear to have recently been victim of malicious phishing scams," said a Microsoft spokesperson.

"The online safety of Xbox Live members remains of the utmost importance, which is why we consistently take measures to protect Xbox Live against ever-changing threats."

But The Sun has insisted that Xbox customers who have not given their details to any other service are also losing money.

Microsoft has said it is doing the following to protect its customers and services:

• Working closely with affected members who have been in touch with the company to investigate any unauthorised changes to their accounts resulting from phishing scams;

• Warning people against opening unsolicited e-mails which may contain spyware and other malware that can access personal information contained on their computer;

• Reminding all customers that they should be very careful to keep all personal information secure and never supply e-mail addresses, passwords or credit card information to strangers.

A source familiar with the matter has confirmed there is an ongoing investigation and talks are being carried out with the global Microsoft team.

Microsoft is adamant that a hack has not occurred, but it has not ruled out that brute force attacks on customer accounts could have taken place or that passwords may have been obtained through third-party social networks.