Stephen Toulouse, Microsoft’s Director of Policy and Enforcement for the Xbox LIVE gaming service, who goes by the screen name “Stepto”, has had his Xbox LIVE account hijacked by a disgruntled gamer who used a social engineering attack against his domain name registrar, Network Solutions.
According to The Register, Toulouse also lost control of his domain stepto.com and of his email and web hosting accounts.
The hacker, “Predator”, used social engineering to gain access to the accounts and stated that he did it in revenge for having been banned more than thirty times by Microsoft, and to avenge other Xbox LIVE users who have also been banned.
Social engineering attacks against domain name registrars exploit human, rather than technological, weaknesses: the attacker calls the registrar’s support line, impersonates the account holder, and talks the support staff into resetting credentials or changing the account’s contact details. A registrar lock on the domain is no defence against this, because the lock is enforced by the same registrar whose staff are being deceived.
In this case, hijacking Toulouse’s domain name appears to have been a means to take control of his email: whoever controls the domain can redirect its mail, receive the password-reset message for the Xbox LIVE account, and take over his “gamer tag”.
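The practical lesson for anyone whose logins depend on email at their own domain is to watch the domain for the changes this kind of takeover produces: new nameservers, a new MX host, and cleared registrar locks. The Python script below is an added example written for this page, not code from the article, The Register, or Microsoft. It compares a trusted baseline of a domain’s registrar, nameservers and MX hosts against a fresh snapshot and reports any drift. The domain names, records and WHOIS text in it are constructed so that it runs offline; in real use the snapshot would come from a WHOIS or RDAP query and DNS lookups against the domain’s authoritative servers. Note that in an account-level takeover like the one described here the registrar itself does not change, so the registrar comparison alone would stay silent; the NS, MX and lock-status checks are what fire.

```python
"""Domain-hijack drift check (added example with constructed data)."""

# EPP status codes a registrar sets to refuse transfers, updates and deletes.
# Their absence is a warning sign; their presence is not proof of safety,
# because the registrar's own support staff can clear them if talked into it.
LOCK_STATUSES = {
    "clientTransferProhibited",
    "clientUpdateProhibited",
    "clientDeleteProhibited",
}


def normalize_host(host):
    """Fold case and drop the trailing dot so 'NS1.Example.NET.' == 'ns1.example.net'."""
    return host.strip().rstrip(".").lower()


def parse_whois(whois_text):
    """Pull the registrar name and EPP status codes out of WHOIS-style output."""
    registrar = None
    statuses = set()
    for line in whois_text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "registrar":
            registrar = value
        elif key == "domain status":
            # Lines look like "clientTransferProhibited https://icann.org/epp#..."
            statuses.add(value.split()[0])
    return registrar, statuses


def check_domain(baseline, snapshot):
    """Return a list of human-readable findings; an empty list means no drift."""
    findings = []

    base_ns = {normalize_host(h) for h in baseline["ns"]}
    snap_ns = {normalize_host(h) for h in snapshot["ns"]}
    if base_ns != snap_ns:
        findings.append(f"NS changed: +{sorted(snap_ns - base_ns)} -{sorted(base_ns - snap_ns)}")

    base_mx = {(pref, normalize_host(h)) for pref, h in baseline["mx"]}
    snap_mx = {(pref, normalize_host(h)) for pref, h in snapshot["mx"]}
    if base_mx != snap_mx:
        findings.append(f"MX changed: +{sorted(snap_mx - base_mx)} -{sorted(base_mx - snap_mx)}")

    registrar, statuses = parse_whois(snapshot["whois"])
    if registrar != baseline["registrar"]:
        findings.append(f"registrar changed: {baseline['registrar']!r} -> {registrar!r}")
    missing = LOCK_STATUSES - statuses
    if missing:
        findings.append(f"registrar lock missing: {sorted(missing)}")
    return findings


# Constructed baseline and snapshots for a fictional domain (not real records).
BASELINE = {
    "registrar": "Example Registrar, Inc.",
    "ns": ["ns1.example-dns.net.", "ns2.example-dns.net."],
    "mx": [(10, "mail.example-host.net.")],
}

CLEAN_SNAPSHOT = {
    "ns": ["NS2.EXAMPLE-DNS.NET", "ns1.example-dns.net"],
    "mx": [(10, "MAIL.example-host.net")],
    "whois": """Domain Name: VICTIM.EXAMPLE
Registrar: Example Registrar, Inc.
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
""",
}

# Same registrar, but nameservers and mail rerouted and locks cleared: the
# shape a support-desk account takeover leaves behind.
HIJACKED_SNAPSHOT = {
    "ns": ["ns1.attacker-dns.example", "ns2.attacker-dns.example"],
    "mx": [(10, "mx.attacker-mail.example")],
    "whois": """Domain Name: VICTIM.EXAMPLE
Registrar: Example Registrar, Inc.
Domain Status: ok https://icann.org/epp#ok
""",
}

if __name__ == "__main__":
    for name, snap in (("clean", CLEAN_SNAPSHOT), ("hijacked", HIJACKED_SNAPSHOT)):
        print(name, check_domain(BASELINE, snap) or "no drift")
```

Run it on a schedule from a host that does not depend on the monitored domain for its own alerting, and send the alert to an address at a different domain; an alert that is delivered to the mailbox the attacker now controls is useless.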
The domain and account have since been returned to Toulouse’s control.
Predator has also posted a YouTube video (NSFW) showing his hacking process and the changes he made to Toulouse’s accounts. The problem for the hacker is that he appears to have left enough details behind for Microsoft to find him quickly; a number of YouTube users have already posted what may be the hacker’s name and address. [Source: The Register]