Plugged In

Xbox scammers bilk Microsoft for $1.2 million

Plugged In

Easter Eggs

View photo


The Xbox 360

That long string of numbers and letters you have to type in
when redeeming a Microsoft Points card might seem random, but a group of
hackers recently discovered it wasn't.

Today, Microsoft is licking its wounds after taking a $1.2 million loss once that information was made public.

Microsoft, of course, doesn't let people use real-world dollars to make purchases on Xbox Live. Instead, users have to convert their money into Microsoft Points before they can start shopping for games, movies, music, downloadable content and other merchandise. Cards with 25-character codes that are redeemable for points are sold at most video game retailer stores.

What hackers found, though, was that using an algorithm, they were able to add to existing, previously used codes and generate new ones, according to Save & Quit. The group then set up a site that would generate a code for 160 points (the equivalent of $2) every time it was refreshed.

Microsoft eventually noticed the exploit (likely due to the surge in $2 point redemptions) and shut the scam down -- but not before it had reportedly racked up significant losses.

"We are aware of the situation and have taken steps to invalidate the codes obtained illegitimately," the company said in an official response. "We take safety and security very
seriously and require that Xbox LIVE members use the service in compliance with applicable laws and specifically prohibit people from engaging in illegal activity as a part of our Terms of Use and Code of Conduct. Our Policy and Enforcement team is evaluating whether or not certain individuals have violated the Terms of Use for Xbox LIVE and
will take the appropriate enforcement on an individual basis. Codes obtained legitimately by users will not be impacted."

Separately, a group of hackers also discovered a stand-alone
code generator allowing people to create codes for a Halo: Reach Banshee avatar
prop or a 48-hour Xbox Live trial. That, too, has been shut down by Microsoft.

Microsoft's not the only company to use a point-based sales
system. Nintendo also prefers the virtual currency to the real thing, taking
the additional step that users must commit to using the points on either the
Wii or Nintendo DS. The exchange rate for that company is 100 points to the

The rationale is twofold: First, it's arguably easier to justify spending 800 'points' on a game than its cash equivalent. Also, the companies often get a little free money from customers thanks to unused, leftover points that sit in their accounts

Only Sony still welcomes dollars and cents. Players can buy
content via whatever currency their country uses via credit or debit card.


View Comments (65)