backtop


Print 35 comment(s) - last by quiksilvr.. on Mar 16 at 3:27 PM

Hackers developed an algorithm that allowed them to use old MS Points codes to make new ones

A group of hackers have scammed Microsoft out of $1.2 million after finding a way to generate new Microsoft Points out of old point codes. 

Microsoft Points is the currency for online stores such as the Games for Windows - Live Marketplace, Zune, Windows Live Gallery and the Xbox Live Marketplace. There are plenty of sites that provide free Microsoft Points, but it's rare to find one that is authentic. 

But on March 7, a team of hackers did some damage to Microsoft's pocket when they developed an algorithm that allowed them to use old MS Points codes to make new ones. They then created a website that allowed anyone to do the same just by refreshing the page. 

Each time a user refreshed the page, a new 160 point code would be available. Eventually, a heavy amount of traffic to the site yielded problems, which caused a 404 error message. 

Microsoft was able to pull the plug on the site, but still ended up losing $1.2 million in MS Points. No announcements have been made in regards to what Microsoft plans to do about this. 

The Escapist magazine posed the question as to whether Microsoft has a way of distinguishing which points are legitimate and which are counterfeit, so Microsoft could ban those who try to use the hack versions, but it is unknown whether the consumer electronics and software giant has these capabilities. 



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

i don't get it.
By kleinma on 3/10/2011 3:52:27 PM , Rating: 2
In a system where the system using the code is connected to their servers (versus something like a product key to install a piece of software on a possibly offline system), I don't get why they don't have a giant SQL database of all actually generated keys that have been made to validate against. Sure the random generator might get lucky and make keys that are actually valid and not yet used because they are sitting on a shelf somewhere, but it would certainly cut down. Couple that with dual keys (cut the key in half and generate the 2 sequences seperately) and you have pretty good protection.




"Well, there may be a reason why they call them 'Mac' trucks! Windows machines will not be trucks." -- Microsoft CEO Steve Ballmer

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki