If you’ve ever gotten rid of an old Xbox 360 hard drive, a determined hacker could find a way to extract your credit card information from the device. As part of a study meant to expose Microsoft’s lax protection of consumer data, researchers bought a refurbished Xbox 360 and used hacking tools to plunder the device for info that identified the previous owner, as well as the owner’s credit card details. They say old data isn’t safe even if the hard drives have been formatted.
Kotaku spoke to a Drexel University researcher who took part in the experiment. What she has to say should frighten anyone who has ever upgraded an Xbox hard drive:
“A lot of them already know how to do all this,” she said. “Anyone can freely download a lot of this software, essentially pick up a discarded game console, and have someone’s identity.”
She recommends hooking your hard drive up to a PC and wiping it clean with a reliable program before discarding it. If you don’t want to go to the trouble, you may be best off hanging on to the old hard drive indefinitely or destroying it.
UPDATE: Microsoft sent this response to Joystiq:
“We are conducting a thorough investigation into the researchers’ claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers’ claims.
“Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described. Additionally, when Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data. We can assure Xbox owners we take the privacy and security of their personal data very seriously.”