back to article XBox promo code exploit set Microsoft back $1.2m

Hackers managed to figure out the algorithm used by Microsoft to generate promotional codes tied to XBox Live, costing Redmond an estimated $1.2m before it put a stop to the scam. The algorithm created 160 counterfeit MS points, the currency used on XBox Live, at each iteration. "Hackers found an algorithm to add to existing, …

COMMENTS

This topic is closed for new posts.

Estimate

That estimate of $1.2M has already been debunked: http://arstechnica.com/gaming/news/2011/03/xbox-live-points-hack-cost-microsoft-thousands-not-millions.ars

4
0

Thank goodness for that!

I was about to send poor Billy G a cheque to help him cover the costs.

If it's only thousands I reckon, if he tightens his family budget, starts shopping at Lidl etc. he should be able to cover it in a matter of months.

3
0
Dead Vulture

Did it really set them back anything?

Can these points be converted back to real dollars?

They do not have intrinsic value, it's just that Microsoft has chosen to allocate a value to them... So they've lost a potential $1.2M in revenue, but it certainly hasn't cost them $1.2M! I wouldn't expect a liability of $1.2M to suddenly appear on MIcrosoft's ledger for this.

I'd argue that it's cost them nothing. Mind you, I'm reading Cory Doctorow's For The Win at the moment, so that might explain this point of view!

4
1

Buying stuff...

A lot of the stuff available for points is other people's stuff, and Microsoft have to pay for it. The loss isn't the "buy" value of the points, but it could still be substantial.

1
0
Silver badge

Well thought out plan

Trying to reimburse forged codes to a personally identifiable account is pretty stupid. These idiots will be lucky if MS just resets their points to what they were. I expect the worst offenders will have their XBL account sent to banheim and will receive a knock on the door from Mr Plod.

1
0
Silver badge

Indeed,

It is akin to having a shop that uses its own currency, someone finding a way to counterfeit that currency, going and using it at that shop, but writing their real name and address on the back of every single note. You might as well just tattoo the word 'fraudster' on your forehead and be done with it.

2
0

Depends

Did the system actually record the legit codes that were generated and given out (and hence MS can just find anyone who used a code that wasn't officially issued), or did the system just regard every code as equal, provided it fit the algorithm?

If it's the latter, I don't see how MS could discriminate between people who used codes they got legally and those who used an illegal code. Sure, maybe if someone used 200 codes in a 10 minute timespan it'd be obvious, but if they just used the one?

1
0

But I got my code from completing an online survey...

...on some random site that looked genuine ;o)

1
0

Be careful out there...

I have to say that anyone falling foul of malware in an attempt to gain free MS points pretty much has it coming to them.

Grumble, I must be getting old or something...

2
0
Gates Halo

@Nick L

Well, if you buy anything with MS Points, some of that obviously gets converted to hard cash for payment to the Publisher/Developer, so in theory it may have cost them something.

Probably not much in terms of real cash though

1
0
Joke

If only

Hopefully they can come up with something for Farmville too ?

0
0

Load of crap.

Load of crap this is. They've made all that effort for a load of crap.

0
0
Thumb Up

Did anyone else think...

Free money cheat?!

0
0
Troll

10 million Kinects Sold

Well congratulations to Microsoft!

They now have 10 million+ Kinect devices in the wild.

Apparently, Guinness has certified the sales within the first 6 weeks a world record, which is more than can be said about Move.

0
1
Thumb Down

Suck it up, MS

Microsoft will potentially be screwing a lot of people over if it does eliminate all of the points created in this manner. And there is a perfectly valid defense for any customer accused of creating the points fraudulently, which is almost undoubtedly true in some of these cases.

It is very unlikely that someone did not take advantage of this code creation ability to sell discount microsoft points for real money. If a customer was duped in this manner, and Microsoft then takes the points from them, the customer will essentially be held responsible for Microsoft's security error. Not good business. If it really is only a few thousand dollars worth of liability, Microsoft can afford to suck it up to avoid a potential PR shitstorm when it takes a hundred dollars worth of MS points from a dyslexic kid who didn't know he was doing anything wrong...

0
0
This topic is closed for new posts.

Forums