Yesterday afternoon a website started offering free Microsoft Points. I’m sure if you type “free Microsoft Points” into Google you’ll still get pages upon pages of websites saying you will get free points if you just fill out 4 surveys and give them your social security number. This time, this really was a site giving away free Microsoft Points. Hackers found an algorithm to add to existing, used codes to get new ones. A person would just have to sit back and refresh over and over and rack up the 160MSP codes. Not every code would work, but a majority would. The site started to 404 due to the heavy traffic.
If you have closer ties to the pirating community, you could find a program to get the codes for you. With this, you had a choice between a code for 160MSP, a Halo Reach Banshee avatar prop, or a 48 hour Xbox Live trial. This method took a little more work out of the user, but it was still simple enough for a 12 year old to figure out. A Megaupload link to the .exe file could be found on Xbox pirating websites like xbox360iso.com.
Microsoft found out about this exploit and put a stop to it immediately, but internet pirates still had enough time to steal $1.2 million worth of Microsoft Points (according to Beantown Gamer’s source). One pirate said that they were able to get $150 worth of points in a matter of 20 minutes. Microsoft has yet to say what they plan on doing about this, but it doesn’t seem like there is much they can do other than just bite the bullet on this one.
This causes Microsoft to lose money due to an exploit that allowed people to sit back and hit F5 over and over again to rack up free points, causing the company even more grief. The codes were used to purchase games, and that would be cause for some legal action, but if the website was so easily exploited, then that should be investigated, I think, as the company left an unsecured program available on the website and this allowed the exploit in the first place. But this goes to show that users of a popular website will be testing the security, and you need to keep up with the latest exploits and make sure that the configuration of your web server and the software and scripts therein are secure, to prevent crackers getting in and manipulating the scripts to do what they want. I am sure they can link the codes to the accounts of those who have taken the codes and ban them for failings of the company itself, which hardly has a great track record for security.
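The post says new codes could be obtained by adding to existing, used ones. As an added example (not code from the post or from Microsoft), here is a sketch of a voucher service where that fails: codes are random, carry a keyed tag, are checked against the set actually issued, and repeated bad guesses lock the account. `CodeStore`, `next_code`, the key and the lockout threshold are all hypothetical.

```python
import base64, hashlib, hmac, secrets

MAX_BAD_TRIES = 5  # assumed lockout threshold per account

def _b32(raw: bytes) -> str:
    return base64.b32encode(raw).decode("ascii")

class CodeStore:
    """Hypothetical voucher service: random codes, MAC-checked, single use."""

    def __init__(self, key: bytes):
        self._key = key
        self._issued = {}     # sha256(code) -> [value, redeemed_by or None]
        self._bad_tries = {}  # account -> count of rejected codes

    def _tag(self, body: str) -> str:
        mac = hmac.new(self._key, body.encode(), hashlib.sha256).digest()
        return _b32(mac[:5])  # 40-bit tag -> 8 base32 characters

    def issue(self, value: int) -> str:
        body = _b32(secrets.token_bytes(10))  # 80 random bits -> 16 characters
        code = body + self._tag(body)
        self._issued[hashlib.sha256(code.encode()).hexdigest()] = [value, None]
        return code

    def redeem(self, code: str, account: str) -> str:
        if self._bad_tries.get(account, 0) >= MAX_BAD_TRIES:
            return "locked"  # throttle guessing before doing any lookup
        body, tag = code[:16], code[16:]
        record = self._issued.get(hashlib.sha256(code.encode()).hexdigest())
        tag_ok = hmac.compare_digest(tag.encode(), self._tag(body).encode())
        if not tag_ok or record is None:
            self._bad_tries[account] = self._bad_tries.get(account, 0) + 1
            return "invalid"
        if record[1] is not None:
            return "used"
        record[1] = account  # bind the code to the redeeming account
        return "ok"

def next_code(code: str) -> str:
    """Derive a neighbour by adding one to the code read as a number."""
    n = int.from_bytes(base64.b32decode(code), "big") + 1
    return _b32((n % (1 << 120)).to_bytes(15, "big"))
```

Storing only a hash of each issued code also means a leaked lookup table does not hand out redeemable codes.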
In other news, a new Doom movie is set to be filmed in 3D, and is set to be a re-boot of the horrible film starring Dwayne Johnson and Karl Urban, which was an absolute load of rubbish and nothing really to do with the Doom games at all; it looked more like the Doom 3 game. No one will make a movie of Doom that actually can do the 1993 game justice. Just let it be.