Microsoft has addressed yesterday’s Kotaku report that hackers could access credit card information in used and refurbished Xbox 360 units.
In a statement to Kotaku today, Microsoft’s Jim Alkove, General Manager of Security of Interactive Entertainment Business, said they are investigating the Drexel University study:
We are conducting a thorough investigation into the researchers’ claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers’ claims.
Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously.