Microsoft’s Latest Security Breach: How to Protect Your Accounts Against Hackers

Chinese hackers working for the company iGSKY have been sued by Microsoft for breaking into multiple Xbox accounts. Court documents detailing the incident reveal that Microsoft employees happened upon an iGSKY website by accident, where users could illegally purchase credits for use on various Microsoft gaming platforms. These credits were purchased using credit cards attached to compromised Microsoft accounts.

The iGSKY and Gameest Hacking Partnership

After running a series of test transactions on the hacked Xbox platforms, Microsoft employees discovered that the iGSKY site’s operator, Gameest International Network Sales, Co. Ltd., had accessed Xbox users’ credit card information when the users purchased gaming credits through their account. This well-known hacking technique is called phishing. These phishing scams often involve disguising a malicious webpage to look like a well trusted site, such as a site for a bank, social networking site, or gaming platform.

Once a user logs into the bogus site, hackers are able to obtain information linked to that user’s account, such as passwords and personal and credit card information. It is estimated that in 2013, hackers made over 5 billion US dollars from phishing campaigns, including from those involving fraudulent websites. Despite this recent scandal, Microsoft continues to be a leader in the fight against hacking and phishing scams, and employs hackers to teach Microsoft computer scientist how to create more secure user platforms.

How You Can Protect Your Microsoft Accounts

Our Microsoft accounts contain many important aspects of our work and personal lives. So how do you keep these accounts safe? Here are a few helpful tips and tricks. While password encryption practices are common knowledge for many hackers and computer users alike, many do not know how to create safer security question answers. Instead of inserting a legitimate answer for security questions such as “What is your mother’s maiden name?” and “What is the name of your first pet?”, consider using an answer that you might use for an actual password, such as aA7b9C, or whatever else you may choose. This way, hackers will not be able to guess the answers to your security questions based any knowledge of you that may be available online.

Compromised Microsoft accounts can be prevented by doing your research to avoid downloading software infected with malware. There are many legitimate sites that let you buy and download Microsoft Office for cheap prices. Legitimate Microsoft Office products will always feature a product key, a Microsoft online account, a Microsoft product license, and of course, the software you are purchasing. Always look at the layout you are purchasing you Microsoft product from. Malicious sites will often be laced with incorrect spelling, improper grammar, and feature a poor site design. Lastly, as the old saying goes, if you think something is too good to be true, it probably is.

Hacking as a Career

Keeping up knowledge of hacking and network security could one day land you a job at Microsoft. Microsoft and other tech companies are known for hiring hacker to hack into their systems and identify bugs in their software. Microsoft has even been known to offer up to $100,000 for information about bugs in their security systems and products before they are released to the public. Continuing your hacking skills will be increasingly important for the job market of the future as computer technology fields continue to grow year after year. 
Irfan Shakeel
Irfan Shakeel, the founder of ehacking project, he also hosts cyber security training classes at EH Academy. He has discovered many vulnerabilities in the famous platforms (like Google, Dailymotion, Harvard University & etc.). He specializes in Network hacking, VoIP pentesting & digital forensics. He is the author of the book title “Hacking from Scratch”.

Most Popular

The Complete OSINT Tutorial to Find Personal Information About Anyone

This article mainly focuses on how to discover a person's digital footprint and gather personal data by using open-source intelligence (OSINT). So, in its...

How to find the password of hacked email addresses using OSINT

Open-source intelligence or OSINT is a potent technique, and it can give a lot of valuable information, if implemented correctly with the right strategy...

How to Identify Company’s Hacked Email Addresses Using Maltego & HaveIbeenPawned

This article is part of the Maltego OSINT tutorial, where you will learn to identify the already hacked account, and it’s password using the...

5 Key Vulnerabilities in Global Payroll

The cyber threat against payroll is growing in sophistication and frequency, according to the latest FBI cybercrime report. Many of these attacks exploit fixable...