FIFA Ultimate Team XBL account hijacks were "not a hack"
Microsoft insists user security is "ingrained in its DNA".
A recent spate of Xbox Live account hijackings involving unauthorised FIFA Ultimate Team pack purchases are not due to a system exploit or hack, Microsoft has clarified.
Speaking in an interview with Eurogamer, Microsoft's online safety director Doug Park insisted that the problem didn't represent "a new attack vector".
"It's not a hack, it's really just a different way to monetise stolen accounts," he explained.
"Any service has compromises. Facebook has compromises, WOW has compromises. What they're really doing is trying to make money off those compromises. So FIFA is a very popular title - it's just a new way for the bad guys to make money. It wasn't, based on our investigation... we didn't see anything new. It was just a different avenue."
When pushed for more information on exactly what the thieves are up to, Park suggested that a run-of-the-mill data phishing scam was the cause, though wouldn't go into specifics.
"I'm not getting into super detail on that, but there are the basics of account compromise. There's phishing, there's social engineering, there's malware. Based off of the industry today, most of it comes off malware and phishing. If they get the accounts, they sell it," he said.
"That's really all they were doing. Whether it's FIFA, or an account with a PlayStation subscription, or an account with a Live subscription, it's all basically the same thing."
So, what is Microsoft planning to do to ensure it doesn't happen again? Xbox communications director Craig Cincotta chimed in, insisting that protecting its users from security threats is "ingrained in the DNA" of Microsoft's business.
"You come in every day and try to stay ahead of these things. There are teams of people who are thinking about this day in, day out," he explained.
"You try to get to the place where you're most prepared and most well informed. That's a constant state. It's not like it's, 'Oh, we've solved that security thing'. No. You just constantly do it.
"Part of it is the responsibility to our user base. If we're going to provide people with the types of functionality and experiences they want, it's our responsibility to stay ahead of the types of exploits that we need to protect people from."
The FIFA issue first raised its head last month, when a significant number of users reported that their accounts had been taken over by cyber thieves and were being used to purchase FIFA Ultimate Team content packs, presumably for re-sale.
At the time, Microsoft announced that it was "working with our impacted members directly to resolve any unauthorised changes to their accounts."