Microsoft to invalidate MS Points 'stolen' via exploit
Microsoft seeks to invalidate MS Point codes generated using an exploit while investigating the situation.
A couple of days ago, a forum user on the website The Tech Game posted instructions about how to use an exploit that allowed users to generate codes for Microsoft Points on Xbox Live.
Microsoft has since released a statement indicating that it is investigating the situation, intends to invalidate the illegitimately-generated codes, and is looking into punishing those who participated in the exploit.
"Our Policy and Enforcement team is evaluating whether or not certain individuals have violated the Terms of Use for Xbox Live and will take the appropriate enforcement on an individual basis," reads the official statement. "Codes obtained legitimately by users will not be impacted."
Though Microsoft discovered the exploit within hours, many news sites initially estimated that around $1.2 million worth of codes were 'stolen.' According to a report on Gamasutra, Microsoft asserts that the $1.2M figure is far too high. "We can't share specific numbers, but the figure is nowhere near the amount that has been reported," they insisted.
It's not entirely clear how Microsoft intends to penalize those who've obtained MS Points via the exploit, exactly - though we suspect there might be some clues within Xbox Live's 'Terms of Use' and 'Code of Conduct' documentation.
-
Comment on Microsoft to invalidate MS Points 'stolen' via exploit, by Jeff Mattas.
-
-
Microsoft logs nearly everything.
If you see the same code being nearly redeemed then actually redeemed within a few minutes of each other from an IP, it can easily be flagged for review.
If you see dozens of invalid codes being entered along with a real one within a few moments from an IP, it can easily be flagged for review.
The brute force methods behind this make it easier to detect.-
-
-
-
The original algorithm for keys assumed at most a few million units sold per product SKU and had a lot of cross-checking within the keys.
With 10 million Kinect's sold through, I can only imaging the sellthrough on these cards. They may have eliminated some of the tamper-proofing and error checking to increase their keyspace.
-
-
-
-