Xbox Live customers phished – another bad day for static passwords
Posted: November 22, 2011
So I’ve just been working on a story here about yet another phishing incident, this time affecting Xbox Live customers.
Some reports suggested the criminals involved managed to pilfer millions of pounds from their Xbox victims all over the world, cunningly only siphoning off small amounts of money to avoid detection once they’d managed to phish the initial bank account details.
One thing really struck me looking at this story, and having recently spoken to Cryptocard MD Jason Hart (it’s an authentication security firm if you were wondering). That is, Microsoft was very quick to clarify that its Xbox Live service was not hacked in any way, which is lovely for them, but short on long-term answers.
Redmond said it was helping all its affected customers in any way it could, by trying to “investigate and/or resolve any unauthorised changes to their accounts” which may have occurred as a result of the phishing, but what about preventative measures?
It became clear to the banking community some time ago that one-time passwords and two-factor authentication were the way forward. When are the big gaming companies finally going to realise that it does their reputation no good at all when stories like this one get out?
It will only take one firm, I predict, to set the ball rolling and soon they’ll all be at it, which will be good news all round for customers and the industry in general.