Xbox Live security: how to avoid getting hacked

Data protection expert offers a few pointers

One unfortunate byproduct of the ubiquity of online connectivity is that we're all increasingly at risk of data theft. It's the inevitable downside of a communication medium with few real constraints, the price we pay for the convenience and level of access the internet affords.

Last week, EA's Frank Gibeau admitted that publishers are unlikely to ever eradicate the threat of hacking - the best companies can do is to stay one step ahead, overhauling the mechanisms of protection the instant they fail. "The moment you declare victory, somebody will walk in and show you didn't," he observed, discussing FIFA 12's widely reported problems with account theft. "So you have to continuously stay on top of it and, most importantly, keep account integrity the first and foremost issue."


If permanent solutions are off the menu, there are certain basic tactics users can adopt to minimise the likelihood of having their Xbox Live account logins pinched. Leave your bio blank. Avoid discussing personal details over Party Chat. For further pointers, OXM spoke to David Emm, senior security researcher at IT security company Kaspersky Lab.

What are the most common risks to Xbox 360 owners and Xbox Live members in terms of data security?

I think the biggest risks are those facing anyone who is required to log in to any online service - cybercriminals may try to trick people into disclosing their login credentials, including their password, giving cybercriminals access to their Xbox Live account. On top of this, there's the possibility that the web site of the game provider, or Microsoft, may be hacked, exposing customer passwords.

Clearly, players have no direct control over this, but it highlights the importance of using a unique, complex password for each online account - otherwise, if one account is compromised, it puts other accounts at risk too.

What's the best way of safeguarding yourself against data theft?

Firstly, don't respond to phishing e-mails or other messages. Microsoft and games providers will not ask you via e-mail to confirm password data. Secondly, as mentioned above, use a unique, complex password for each online account - i.e. one that is at least eight characters long and mixes letters, numbers and symbols.

What about other publishers? Are there any particular third party games or game-related services on Xbox that aren't as well protected?

I don't know any on the Xbox, but there are positive examples in the gaming industry. Some game providers offer additional security layers to protect players. For example, Battle.net provide two-factor authentication - instead of just typing a static password, you also have to type in a one-time code generated using a token.

Also, Steam Guard links your account to a specific computer - and if anyone tries to access the account from a different machine, they are required to enter an additional form of authentication. It would be good to see such methods more widely adopted.

If you're a victim of data theft, or if you have any further security tips to share, let us know about it.