XBox promo code exploit set Microsoft back $1.2m

Hackers managed to figure out the algorithm used by Microsoft to generate promotional codes tied to XBox Live, costing Redmond an estimated $1.2m before it put a stop to the scam. The algorithm created 160 counterfeit MS points, the currency used on XBox Live, at each iteration. "Hackers found an algorithm to add to existing, …

COMMENTS

  1. techknight

    Estimate

    That estimate of $1.2M has already been debunked: http://arstechnica.com/gaming/news/2011/03/xbox-live-points-hack-cost-microsoft-thousands-not-millions.ars

    1. Flugal

      Thank goodness for that!

      I was about to send poor Billy G a cheque to help him cover the costs.

      If it's only thousands I reckon, if he tightens his family budget, starts shopping at Lidl etc. he should be able to cover it in a matter of months.

  2. Nick L

    Did it really set them back anything?

    Can these points be converted back to real dollars?

    They do not have intrinsic value, it's just that Microsoft has chosen to allocate a value to them... So they've lost a potential $1.2M in revenue, but it certainly hasn't cost them $1.2M! I wouldn't expect a liability of $1.2M to suddenly appear on Microsoft's ledger for this.

    I'd argue that it's cost them nothing. Mind you, I'm reading Cory Doctorow's For The Win at the moment, so that might explain this point of view!

    1. The Indomitable Gall

      Buying stuff...

      A lot of the stuff available for points is other people's stuff, and Microsoft have to pay for it. The loss isn't the "buy" value of the points, but it could still be substantial.

  3. DrXym

    Well thought out plan

    Trying to reimburse forged codes to a personally identifiable account is pretty stupid. These idiots will be lucky if MS just resets their points to what they were. I expect the worst offenders will have their XBL account sent to banheim and will receive a knock on the door from Mr Plod.

    1. Loyal Commenter

      Indeed,

      It is akin to having a shop that uses its own currency, someone finding a way to counterfeit that currency, going and using it at that shop, but writing their real name and address on the back of every single note. You might as well just tattoo the word 'fraudster' on your forehead and be done with it.

      1. Daniel Evans

        Depends

        Did the system actually record the legit codes that were generated and given out (and hence MS can just find anyone who used a code that wasn't officially issued), or did the system just regard every code as equal, provided it fit the algorithm?

        If it's the latter, I don't see how MS could discriminate between people who used codes they got legally and those who used an illegal code. Sure, maybe if someone used 200 codes in a 10 minute timespan it'd be obvious, but if they just used the one?
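The two designs contrasted in the comment above, as an added example that is not part of the original thread and is not Microsoft's code: a format-only check accepts any code that fits the rule, while a server that records issuance can reject and flag well-formed codes it never handed out. The alphabet, checksum rule, code length and the `Ledger` class are all constructed for illustration.

```python
import hashlib
import secrets

ALPHABET = "BCDFGHJKMPQRTVWXY2346789"  # constructed alphabet, not Microsoft's


def checksum(body: str) -> str:
    """Toy check character; stands in for any rule computable offline."""
    return ALPHABET[sum(ALPHABET.index(c) for c in body) % len(ALPHABET)]


def fits_algorithm(code: str) -> bool:
    """Format-only validation: accepts every code that satisfies the rule."""
    return (len(code) == 10 and all(c in ALPHABET for c in code)
            and checksum(code[:-1]) == code[-1])


class Ledger:
    """Issuance-recording design: only codes the server handed out redeem."""

    def __init__(self):
        self.issued = {}    # sha256(code) -> redeeming account, or None
        self.suspect = []   # (account, reason) pairs queued for review

    def issue(self) -> str:
        body = "".join(secrets.choice(ALPHABET) for _ in range(9))
        code = body + checksum(body)
        self.issued[hashlib.sha256(code.encode()).hexdigest()] = None
        return code

    def redeem(self, account: str, code: str) -> str:
        key = hashlib.sha256(code.encode()).hexdigest()
        if key not in self.issued:
            # Well-formed but never issued: the signal a format-only
            # system cannot produce, even for a single redemption.
            if fits_algorithm(code):
                self.suspect.append((account, "well-formed, never issued"))
            return "rejected"
        if self.issued[key] is not None:
            self.suspect.append((account, "already redeemed"))
            return "rejected"
        self.issued[key] = account  # single use, bound to one account
        return "credited"
```

With the ledger in place, one unissued code is enough to identify an account; without it, only volume or timing anomalies remain as evidence.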

    2. Wize

      But I got my code from completing an online survey...

      ...on some random site that looked genuine ;o)

  4. bigphil9009

    Be careful out there...

    I have to say that anyone falling foul of malware in an attempt to gain free MS points pretty much has it coming to them.

    Grumble, I must be getting old or something...

  5. Benji Levens

    @Nick L

    Well, if you buy anything with MS Points, some of that obviously gets converted to hard cash for payment to the Publisher/Developer, so in theory it may have cost them something.

    Probably not much in terms of real cash though.

  6. Anonymous Coward

    If only

    Hopefully they can come up with something for Farmville too?

  7. This post has been deleted by its author

  8. Anonymous Coward

    10 million Kinects Sold

    Well congratulations to Microsoft!

    They now have 10 million+ Kinect devices in the wild.

    Apparently, Guinness has certified the sales within the first 6 weeks a world record, which is more than can be said about Move.

  9. Jacob Lipman

    Suck it up, MS

    Microsoft will potentially be screwing a lot of people over if it does eliminate all of the points created in this manner. And there is a perfectly valid defense for any customer accused of creating the points fraudulently, which is almost undoubtedly true in some of these cases.

    It is very unlikely that someone did not take advantage of this code creation ability to sell discount Microsoft points for real money. If a customer was duped in this manner, and Microsoft then takes the points from them, the customer will essentially be held responsible for Microsoft's security error. Not good business. If it really is only a few thousand dollars' worth of liability, Microsoft can afford to suck it up to avoid a potential PR shitstorm when it takes a hundred dollars' worth of MS points from a dyslexic kid who didn't know he was doing anything wrong...
