If you are an Xbox Live subscriber, there is a list going around the interwebz that just might have your account information on it. A document was found today that contains over 250 sets of Live ID and password combinations that were apparently phished through a fake Xbox Live sign-in page sometime in November and December last year. This information could allow the thieves to ruin online reputations, cause gamertag changes, and access credit card information. Having access to this information also lets the culprit see what email accounts are associated with the Live ID, and once someone gets into your primary email the damage can be phenomenal.
The list actually totals more than 300 entries but some of the information appears to be duplicate, and some obviously fake information added to annoy those who would use the information in the document. Not a good move according to Christopher Boyd, “…it’s never a good idea to enter fake info on Phishing pages – it not only makes it harder for people who wade through this info looking for victims to contact, it also opens you up to potential retaliation attacks from the Phishers.”
Boyd speculates that the list may have been a personal stash that has just been put out to gain respect within the underground scene, as a majority of the Live ID’s are still accessible. Microsoft has been notified about the breach in security and should move swiftly and silently, like CyberNinjas.
Remember kids, be safe while online. Change your passwords regularly and do not use the same password for every account you have. Utilize your browsers phishing alerts and make sure the page is secure when logging in. Now you know, and knowing is half the battle.