A group of researchers from Drexel University claim that data left behind on an old Xbox 360 hard drive is susceptible to theft, even after the drive has been reset to factory defaults.
During a phone interview with Kotaku, Ashley Podhradsky told the publication that Microsoft does a great job of protecting their proprietary information but ultimately is doing a disservice to their customers by not doing a better job at keeping their personal data protected from would-be thieves.
The team came to this conclusion after they purchased a refurbished Xbox 360 last year from an authorized Microsoft retailer. They were able to download readily-available modding tools and used them to access the hard drive. It took a bit of work but eventually the crew was able to locate and access the previous owner’s credit card information.
A credit card is needed to pay for items via Xbox Live, including game downloads, add-ons and the service subscription itself. Jim Alkove, general manager for Microsoft Interactive Entertainment Business told CNET in a statement that the Xbox is not designed to store card holder’s information and that it seems unlikely that data was recovered this way.
Microsoft has requested information from the Drexel researchers that will allow them to investigate the matter further but as of writing, that information hasn’t been provided.
"We can assure Xbox owners we take the privacy and security of their personal data very seriously," Alkove said.
We’ll keep an eye on this story as it develops but in the meantime, it might not be a bad idea to keep that old hard drive and either connect it to a PC to properly wipe it or physically destroy it if you don’t plan to reuse it.