Microsoft loses $1.2 million due to points exploit

Microsoft has learned first hand how quickly Microsoft Points, the virtual cash of Xbox Live Marketplace, can deplete one’s real life bank account – a website offering 160 Microsoft Points per page refresh has been shutdown, but not before taking the media mogul for $1.2 million dollars.

Hackers discovered an algorithm that allowed them to add numbers to previously used codes, generating fresh ones. Not every code worked, but a majority did. Before the website was shut down, some of the hackers even managed to download a program to automatically generate the codes, saving them the click of a refresh button and granting them a choice between a code for 160 MSP, a Halo: Reach Banshee avatar prop, or a 48 hour Xbox Live trial. Microsoft put a stop to it as soon as they heard, but by that time the website was already crashing due to heavy traffic, with one point pirate claiming to have looted $150 worth of Microsoft Points in 20 minutes.

No word yet on what Microsoft will do, if there is anything they can do, but I’m sure Major Nelson is polishing his banhammer to a brilliant shine even as I type this.