Microsoft has apparently added more rigorous security standards to Xbox.com in an attempt to prevent Xbox Live accounts from being compromised, according to a report from Eurogamer. Certain malicious individuals were previously able to gain access to other users’ XBL accounts by using what is known as a “brute-force method.” The site allowed them to make unlimited attempts at guessing Windows Live ID passwords, a process that was automated with a script.

IT professional Jason Coutee, who himself was victimized by a brute-force attack, tipped Eurogamer off to changes in Xbox.com’s infrastructure. “Shortly after IGN posted the Microsoft response (on Friday), the server over at Xbox.com started handling the brute force script differently,” said Coutee.

“Before, it would just let you try over and over,” explained Coutee. “But now it seems that, even though I’m still able to use the link to get past the CAPTCHA, they handle the sign-in request on the server in a way that it will stop replying after about 20 attempts.”

He went on to assert that Microsoft may have purposefully made these changes behind the scenes to fix the problems while keeping the front end the same, in what Coutee believes to be a maneuver to discredit him. Whether that is accurate remains to be seen. Regardless, he reports that Microsoft has successfully “lengthened the time it would take to brute-force Live IDs.”

For its part, the publisher continued to deny that a security risk exists on Xbox.com. “This is not a loophole in Xbox.com,” Microsoft flatly told Eurogamer. “The hacking technique outlined is an example of brute force attacks and is an industry-wide issue.”

The software giant’s statement acknowledged that “Security in the technology industry is an ongoing process, and with each new form of technology designed to deter attacks, the attackers try to find new ways to subvert it. We continue to evolve our security features and processes to ensure Xbox Live customers’ information is secure.”

Source: Eurogamer