Microsoft loses thousands via Microsoft Points exploit

March 10, 2011, 2:38 PM
Update: Microsoft has confirmed that the exploit actually resulted in much less than previously estimated. The original story is below:

Earlier this week, a website started offering free Microsoft Points. A group of hackers figured out the algorithm behind a set of promotional codes that were each redeemable for Microsoft Points, which is the currency used on Xbox Live. Knowing the algorithm allowed hackers to add to already used codes to get new ones. Beantown Gamer has the details:

I will keep the name of the website secret as to the integrity of the situation, but I can talk about how easy the process was to obtain all of these points. A reliable source tells me that upon inserting the website into your browser, you let the boxes on the screen load. If the boxes have the text 'live content', refresh it until a code appears. Each code is worth a whopping 160 Microsoft Points, just redeem it on Xbox.com! This process was never ending, just refresh, rinse, and repeat. There were so many people doing this at one point that the website 404ed. In a matter of 20 minutes someone I know has obtained over $150 worth of Microsoft Points.

In other words, a person could just refresh over and over and rack up codes for the 160 Microsoft Points. Not every code would work, but a majority would. There were even mini programs coded up that could get the codes for you.
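The weakness described above, where adding to an already used code yields another valid one, disappears when every code is drawn independently at random and redemption enforces single use and an attempt limit. The sketch below is an added example, not Microsoft's code; the 16-digit code space, the function and class names, and the lockout threshold are all assumptions.

```python
import secrets

SPACE = 10**16  # constructed 16-digit code space, not the real code format

def issue_sequential(start, n):
    """Weak scheme: each code is the previous one plus one."""
    return {start + i for i in range(n)}

def issue_random(n):
    """Hardened scheme: each code is drawn independently from a CSPRNG."""
    codes = set()
    while len(codes) < n:
        codes.add(secrets.randbelow(SPACE))
    return codes

def derivable(valid, known, span):
    """Count valid codes reachable by adding 1..span to one known code."""
    return sum(1 for step in range(1, span + 1) if (known + step) in valid)

class Redeemer:
    """Server-side redemption: single use per code, lockout after repeated misses."""
    def __init__(self, valid, max_failures=5):
        self._unused = set(valid)
        self._failures = {}              # account -> failed attempts so far
        self._max_failures = max_failures

    def redeem(self, account, code):
        if self._failures.get(account, 0) >= self._max_failures:
            return "locked"
        if code in self._unused:
            self._unused.remove(code)    # a code can never be redeemed twice
            return "ok"
        self._failures[account] = self._failures.get(account, 0) + 1
        return "invalid"

def demo():
    weak = issue_sequential(4_000_000_000_000_000, 1000)   # constructed batch
    strong = issue_random(1000)
    weak_hits = derivable(weak, min(weak), 100)
    strong_hits = derivable(strong, min(strong), 100)
    # Guessing near a known random code only accumulates failures until lockout.
    redeemer = Redeemer(strong)
    known = min(strong)
    results = [redeemer.redeem("acct-1", known + step) for step in range(1, 8)]
    return weak_hits, strong_hits, results

if __name__ == "__main__":
    print(demo())
```

With sequential issuance one known code exposes its neighbours; with random issuance the same guesses miss and the account is locked after five failures.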

Microsoft found out about the exploit and put a stop to it immediately. Until that point, however, Internet pirates managed to steal $1.2 million worth of Microsoft Points. One pirate managed to get $150 worth of Microsoft Points in just 20 minutes. Microsoft has yet to say what they plan on doing about the problem, but unless they can isolate the codes from the legitimate ones, they may have to let this one slide.

It's important to note that there are hundreds of websites that claim to give you "free Microsoft Points." Almost all of these are fake; they ask you to fill out countless surveys, hand over your social security number, and are often riddled with malware. The last thing we want is for our TS readers to head over to these websites in the hopes that they'll stumble on a legitimate one they can exploit.





User Comments: 10

r0b0h0b0 said:

In terms relative to what an average individual would experience, "Man loses $3 to faulty vending machine."

Nima304 said:

That's hilarious.

aj_the_kidd said:

r0b0h0b0 said:

In terms relative to what an average individual would experience, "Man loses $3 to faulty vending machine."

I would have said 3 cents

lawfer, TechSpot Paladin, said:

aj_the_kidd said:

r0b0h0b0 said:

In terms relative to what an average individual would experience, "Man loses $3 to faulty vending machine."

I would have said 3 cents

I would have said, the individual wasted TIME instead of money...! This amount is literally nothing to Microsoft.

matrix86 said:

Man...wish I had known about this. I don't have an X-Box, but I could have sold these suckers to those who didn't already know about this. I don't know how much they are, but I'm sure I could have made a little money off of this, lol.

red1776, Omnipotent Ruler of the Universe, said:

r0b0h0b0 said:

In terms relative to what an average individual would experience, "Man loses $3 to faulty vending machine."

I would have said 3 cents

That's why you should leave the humor to r0b0h0b0 :p jk Aj

KG363 said:

lawfer said:

I would have said, the individual wasted TIME instead of money...! This amount is literally nothing to Microsoft.

It's not "literally" nothing. It's figuratively nothing. It is literally $1.2million.

Sorry for being a grammar nazi, but this one just irks me.

Guest said:

All we did was edit the INDEX and CODEID in the URL to any 4 digit number. It doesn't take a genius to do it.

People make it sound like we hacked microsoft.

The whole thing was a promotion code that wasn't hidden well enough in a long URL code.

If you would like to hear more, subscribe and message me on youtube for the TRUE story:

www.youtube.com/xboxnolifes

aj_the_kidd said:

Guest said:

All we did was edit the INDEX and CODEID in the URL to any 4 digit number. It doesn't take a genius to do it.

People make it sound like we hacked microsoft.

The whole thing was a promotion code that wasn't hidden well enough in a long URL code.

If you would like to hear more, subscribe and message me on youtube for the TRUE story:

www.youtube.com/xboxnolifes

OH thank god, i wasn't going to sleep until i found out the TRUE story.

Dude all you did was change same params and hit refresh a bunch of times, what else is there to tell.

I suspect you are simply a troll but at least you got some points

bonniesmith said:

Another blunder by microsoft, not the first and FOR SURE not the last, they are just a mess lately.
