A report emerged last week from a security researcher claiming Microsoft’s Xbox lacked important security features that might protect owners who sell used consoles from having personal information stolen. Ashley Podhradsky of Drexel University claimed to have purchased a used Xbox console and used readily available hacking tools to recover the prior owner’s credit card number and other personal information. “Microsoft does a great job of protecting their proprietary information, but they don’t do a great job of protecting the user’s data,” Podhradsky said at the time.
Microsoft has since responded to the researcher’s claims, stating that they are likely inaccurate.
“We are conducting a thorough investigation into the researchers’ claims. We have requested information that will allow us to investigate the console in question and have still not received the information needed to replicate the researchers’ claims,” Microsoft’s Jim Alkove, General Manager, Security, Interactive Entertainment Business, told BGR in an emailed statement.
Alkove continued, “Xbox is not designed to store credit card data locally on the console, and as such seems unlikely credit card data was recovered by the method described.”
The executive also clarified that Microsoft does take measures to protect user data, even though no credit card details are stored locally. “When Microsoft refurbishes used consoles we have processes in place to wipe the local hard drives of any other user data,” Alkove said. “We can assure Xbox owners we take the privacy and security of their personal data very seriously.”
Podhradsky has not responded to Microsoft’s statement.