Microsoft has responded to our earlier report of Xbox Live accounts being “jacked” via the “social engineering” of support staff.
Asked for comment, Microsoft sent Kotaku the following statement:
There are several different methods malicious users employ to gain unauthorised access to accounts; social engineering is one of them. We are aware of the vulnerabilities that social engineering poses, and continue to address these through tools and training to help keep our members safe and secure.
The security of Xbox LIVE member accounts is a top priority and we continue to take aggressive steps to protect our members against ever-changing threats. This includes continually evolving our security practices and staff training to help prevent these scenarios from occurring.
On the specific examples highlighted:
We really appreciate that these issues have been raised; however, the specific examples in this article contain information that is invalid and out-of-date. We would welcome the opportunity to work directly with Ms. Taylor and the members who have contacted her with unresolved cases. We have done a considerable amount of work to resolve cases for our customers in the last several months and will be reaching out to her to provide further assistance.
And finally, advice from Microsoft on protecting your account:
Finally, many of our security enhancements and recovery processes, should an account become stolen, are dependent upon our members being able to verify their identities using additional proofs, such as secondary email addresses, phone numbers, security questions and answers, or trusted devices. Adding strong identity proofs to an account provides multiple layers of identity verification, which can drastically reduce the incidence of identity theft and other online fraud.