Live 'Hacking' Clarified as Pretexting
1up reports on a clarification of last week's Xbox Live security scare. Though there are no technical problems with the service, there is a service problem with the service: account information was obtained via pretexting. Essentially, social engineers called up Xbox Live tech support and lied, saying they were users of certain accounts. Thanks to the sloppy training and lax privacy consciousness of Live's customer service operators, information was given out that allowed these pretexters onto accounts. "That probably means calling in to deal with customer support about the nitty gritty of your Xbox Live account will become both much more secure and potentially a bit more time-consuming and annoying. That may be the necessary price for full security, although as long as we're dealing with humans (and information that can slip into others' hands), there's sure to be the occasional case of successful pre-texting."
The weakest link has pretty much always been the people. Security methods change, but the principles behind social engineering are pretty stable.
It's surprising to me to see that XBL's support staff would be so careless. Last time I called them up it was quite a chore... But then again maybe I had to verify and re-verify personal information to them because I was cancelling and not just getting a password reset.
What the hell is wrong with using the word "impersonate"? At least it doesn't sound anything like sending text messages.
-l