The Xbox team launched an investigation to find out how credit card information made it to the hard drive.
Last week, a report from a research team at Drexel University in Philadelphia concluded that old Xbox 360s could be dredged for personal information, including credit card numbers and personal addresses. The lead researcher Ashley Podhradsky recommended wiping your Xbox hard drive clean before trading it in or throwing it away. Microsoft took the claims of Podhradsky’s team to heart, and have put Jim Alkove on the case – he’s General Manager of the Security division of the Interactive Entertainment Business at Microsoft. He’s looking into the claims, but admits he’s having trouble recreating the problem.
“We are conducting a thorough investigation into the researchers’ claims,” Alkove said. “We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers’ claims.”
He goes on to claim that the Xbox console is programmed not to store sensitive information on each player’s hard drive. “Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described.”
If you have your Xbox refurbished by Microsoft, they make sure to wipe the drives clean themselves. “Additionally, when Microsoft refurbishes used consoles, we have processes in place to wipe the local hard drives of any other user data.
“We can assure Xbox owners we take the privacy and security of their personal data very seriously,” Alkove said.
This whole story reeks of “He Said, She Said” but it’s refreshing to hear a company like Microsoft going to bat for users at even the barest mention of impropriety. Perhaps Microsoft has learned from the misfortune of its rivals and want to avoid the shitstorm Sony went through last year.