Slashdot Mirror

← Back to Stories (view on slashdot.org)

$1.2 Million Worth of MS Points Taken After Hackers Figure Out Code Algorithm

Posted by Soulskill on from the going-for-the-gusto dept.

The Save and Quit blog reports that a group of hackers figured out the algorithm behind a set of promotional codes that were each redeemable for 160 MS points, the currency used on Xbox Live. Quoting: "A person would just have to sit back and refresh over and over and rack up the 160MSP codes. Not every code would work, but a majority would. The site started to 404 due to the heavy traffic. If you have closer ties to the pirating community, you could find a program to get the codes for you. ... This method took a little more work out of the user, but it was still simple enough for a 12 year old to figure out. ... Microsoft found out about this exploit and put a stop to it immediately, but internet pirates still had enough time to steal $1.2 million worth of Microsoft Points."

2 of 203 comments (clear)

  1. Didn't hack the algorithm by russotto · · Score: 3, Informative

    It appears the algorithm wasn't actually determined. Rather, Microsoft essentially left a code generator which took unencrypted parameters available on a web page. Amateur mistake.

    1. Re:Didn't hack the algorithm by wbav · · Score: 3, Informative

      Microsoft has taken action already:
      http://kotaku.com/#!5780686

      --

      =================
      Unix is very user friendly, it's just picky about who its friends are.