1. Headline
  1. Headline
By
updated 3/30/2012 6:17:20 PM ET 2012-03-30T22:17:20

It's not the usual approach to security, but if you want to keep your credit-card data safe, you might want to take a hammer to your old Xbox 360's hard drive, researchers say. Microsoft disputes the findings.

  1. More from TODAY.com
    1. TODAY's Takeaway: Savannah overshares; Billy Crystal brings '700 Sundays' to TV

      Witnesses describe hearing the Mount Everest avalanche, Savannah already overshares and Billy Crystal brings "700 Sundays"...

    2. 'You helped me': After 23 years, Desert Storm veteran thanks pen pals
    3. Alan Thicke: 'I have a better body' than Homer Simpson'
    4. Kids scared of the Easter Bunny? Well, look at him!
    5. 'We are not equipped for this': Tamron, Willie face off against animals

According to Drexel University study, Microsoft's Xbox 360 stores its owners' credit-card data on the hard drive, even when the gaming console is restored to its factory settings, the gaming site Kotaku reported.

Unlike personal computers, the hard drive on the Xbox 360 is easily removable and used for storage only. The operating system resides in a read-only memory chip on the motherboard.

(Msnbc.com is a joint venture of Microsoft and NBCUniversal.)

The Drexel researchers, Ashley Podhradsky, Rob D'Ovidio and Cindy Casey (along with Pat Engebretson from Dakota State University), bought a refurbished Xbox 360 from a Microsoft-authorized retailer last year. Using a basic software-modifying tool, they were able to poke around the video-game system's hard drive and access its files, folders and, eventually, the original owner's credit-card information.

The hacking process is simple, Podhradsky said, but the ramifications are serious.

"Anyone can freely download a lot of this software, essentially pick up a discarded game console, and have someone's identity," she told Kotaku.

"I think Microsoft has a long-standing pattern of this," Podhradsky told Kotaku. "When you go and reformat your computer, like a Windows system, it tells you that all of your data will be erased. In actuality, that's not accurate — the data is still available ... so when Microsoft tells you that you're resetting something, it's not accurate."

In an email to SecurityNewsDaily, Jim Alkove, Microsoft's general manager of security for interactive entertainment business, disputed the researchers' claims.

"Xbox is not designed to store credit-card data locally on the console, and as such [it] seems unlikely credit-card data was recovered by the method described," Alkove told SecurityNewsDaily.

"Additionally, when Microsoft refurbishes used consoles, we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously."

Alkove said Microsoft "is conducting a thorough investigation into the researchers' claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicated the researchers' claims."

To remove your identity from your old Xbox 360 yourself, Podhradsky recommended removing the gaming console's hard drive, hooking it up to a computer and using a hard-drive sanitation program to wipe it clean.

© 2012 SecurityNewsDaily. All rights reserved

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments

More on TODAY.com

TODAY's Takeaway
  1. TODAY

    Savannah overshares; Billy Crystal brings ‘700 Sundays’ to TV

    4/18/2014 8:29:08 PM +00:00 2014-04-18T20:29:08
  1. Doomed South Korean ferry’s captain taken into custody

    The captain of the sunken ferry in South Korea was taken into custody Friday and is facing five charges, including criminal negligence.

    4/18/2014 8:35:55 PM +00:00 2014-04-18T20:35:55
  2. Did South Korea ferry’s sharp turn cause it to sink?
  3. Teen ferry survivors comforted in devastated town
  1. Courtesy of Shawn Stock

    'You helped me': After 23 years, Desert Storm veteran thanks pen pals

    4/18/2014 8:51:52 PM +00:00 2014-04-18T20:51:52
  1. Courtesy of Kristen Hazelwood Jo

    Kids scared of the Easter Bunny? Well, look at him!

    4/18/2014 7:18:23 PM +00:00 2014-04-18T19:18:23
  1. This weekend on TODAY: Apps to keep teens from texting and driving

    Janice Lieberman takes a look at three new apps that are designed to keep your teens safe behind the wheel. Also, Ed Weeks from “The Mindy Project," the right way to cook a perfect Easter ham and more.

    4/18/2014 4:41:45 PM +00:00 2014-04-18T16:41:45