Microsoft is investigating a possible Xbox 360 security breach whereby hackers are able to gain access to personal information–like credit card numbers–even after a system has been reset to factory settings.
The Xbox 360 isn’t designed to store credit card info, says Microsoft.
Researchers at Drexel University and Dakota State University told Kotaku this week that they purchased an Xbox 360 through an authorized retailer, downloaded a “basic modding tool,” and were able to use it to uncover personal information like credit card numbers stored on the system.
Jim Alkove, general manager of security for Microsoft’s game business, said that the odds are highly improbable.
“Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described,” he said. “Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously.
“We are conducting a thorough investigation into the researchers’ claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers’ claims.”