Doubts have arisen over claims that credit card numbers and other personal information can be recovered from used Xbox 360 consoles - even after users take the precaution of restoring their kit to its factory settings. Researchers at Drexel University in Philadelphia bought a refurbished Xbox 360 from a Microsoft-authorised …
Seems to be FUD
As stated by both Microsoft and the researcher in the piece, credit card data is not stored locally on the XBox. Furthermore, after I raised an issue of PCI/DSS compliance with Microsoft XBox team last December, they have implemented CVV requirements (which never existed previously) before any purchase can be made on stored credit cards.
So I think on this occassion, the "research" appears to be somewhat misleading.
Most of it is FUD
Most of the "OMG lingering data!!!!!1!" is FUD, designed to persuade people to destroy perfectly good HDDs so they can sell more new ones (or possibly, to persuade people that data was recovered from a HDD, and not by other means that Article Five of the UDHR was meant to protect against).
Credit card numbers become useless after the card expires (every 2 years or so) anyway.
"Podhradsky advises privacy-conscious gamers to remove the hard drive from an XBox and wipe it using a data-scrubbing program before giving away or sell their old console."
Well, that shows how my Podhradsky knows about the XBox. Even if you remove the HDD and plug it into a PC, you won't be able to scrub the data and keep it working, as the format is deliberately different to any PC file format. I guess you could wipe a magnet over it, but then your XBox wouldn't work any more. There's no easy way of formatting an unformatted disk in the XBox format; or at least, no easy way for regular consumers.
Re: Wipe it?
You can always make an NTFS, HFS+ or EXT2 file system on the drive, and fill that up with random data. The XBox ought to be able to lay down its own weirdy format over that (since it has to be able to deal with a brand new, unformatted drive).
Re: Wipe it?
The Xbox drives come pre-formatted in MS' secret sauce
Xbox accounts are being hacked and emptied en-masse...
That is not FUD, that's FACT.
Of course Microsoft pay to ensure that doesn't get reported by the media.
"They downloaded a basic modding tool and used it to crack open the gaming console, giving them access to its files and folders. " - Kotaku article
That instantly spells BS to anyone that knows even the bare basics of 360 modding. Reading the hard disk is as simple as pulling the drive out, connecting it to your PC via SATA and running a tool like Xplorer360 to read the files. Besides if there was any truth to this wouldn't one of the devs that have repeatedly pwned the 360 have noticed?
@A J Stiles: Not that simple I'm afraid, there are signature bytes (aka security sectors) on orignal 360 drives, damage a single bit and the console won't recognise the drive as valid. Keep in mind that I am referring to the 360's native drive here, not one attached via USB, those can easily be reformatted.