Post on 06-Apr-2018
8/3/2019 Alex Garden, General Manager of Xbox LIVE Letter for Xbox LIVE Community:
Your Security is Important to Me
Since today is Safer Internet Day, I thought it'd be a good opportunity to share a few things that have been on my mind these last several months. Here at Microsoft we view this day through many lenses, from online safety to privacy to account and data security and more, and we take your security and online safety very seriously.
As all of us know, account hijacking across the Internet continues to grow. It's a thriving albeit illegal industry affecting online services the globe over. Last year, there was a surge of personal information being compromised and sold, and this undoubtedly has had an impact on all of us. While we here at Xbox have no evidence of a security breach in the Xbox LIVE service, that is of little comfort to our members whose accounts have been compromised by malicious and illegal attacks.
It's in this vein I'm reminded how important it is to listen to you, our members, to really listen, to really hear and to really do something with what you say. I can assure you we are listening and continue to take aggressive steps to help protect you against ever-changing threats. We also care deeply about how this ongoing issue affects your experience with Xbox LIVE and your trust in us.
Security is an ongoing battle. No matter how well we work to improve security, and we are working every day to bring new forms of protection to Xbox LIVE, our work will never end. With every measure we put in place, ill-intentioned people will create new ways to attack online services.
That's why I believe it's more important than ever that our members are armed with information and security tools to actively partner with us in this war on fraud. We have a dedicated web page at http://xbox.com/security detailing all the steps you can take today to help protect your account.
What you'll see here is the most common sources of attack continue to involve: social engineering to gather information about the user to guess the password; phishing, whereby the user types the account password into an illegitimate website that is pretending to be something else; malicious software on the computer that has captured the password; or using the same password from another online service that has been breached.
I share these realities in hope that our members will work with us to reduce the ease of access for hackers. Personal account security starts with setting strong passwords and routinely changing them, using a valid email and a unique password for each online service, adding a phone number, alternate email address, and a unique and private security question via the Windows LIVE ID Account Management site (https://account.live.com/Proofs/Manage), and reducing the amount of personal information shared online or through social networks. More and more, being mindful of where you log in to online services, even when not using Xbox LIVE, and using single-use codes (http://explore.live.com/windows-live-sign-in-single-use-code-faq), provides added protection, especially when you're signing in from a PC that isn't your own. Working together we can prevail over the criminals.
I realize it may fall flat when we don't share specific details of our security architecture. However, some of the security measures we have in place to help protect our members include password-attempt throttling, CAPTCHA (an industry-standard anti-scripting measure designed so that an actual human needs to answer the challenge), strong proofs (trusted PC, pin sent to cell phone, secondary e-mail and security questions), and account lockout for multiple failed attempts and compromised accounts, which we investigate and recover to the rightful owner.
Getting ahead of potential threats of harm is an important area of focus. At a broader level, Microsoft continues to investigate cyber-criminals and botnets, and help shut them down. And although this is an industry-wide challenge, we are an industry-leading company that believes in our responsibility to actively address online fraud and identity theft. As part of this commitment, we continue to put in place security features and process improvements to help secure Xbox LIVE.
Recovering compromised accounts in a timely manner is also a priority and an area where we've made, and will continue to make, improvements. We have invested more resources in our account recovery process and as a result, for most new fraud cases we are now able to investigate and return accounts within three days. For users who have added strong proofs to their accounts, this may be as fast as 24 hours. We still have a few cases that are taking longer to fully recover and some refunds are still being processed, but we're making great strides. We hope our customers are experiencing the improvements firsthand.
We do not take lightly the frustrations we've heard from our loyal Xbox LIVE members and remain committed to addressing and persistently resolving our customers' individual and collective concerns. For now, if you have a problem we haven't yet resolved, please email me. Also tune in to Major Nelson's podcast this week to hear more about our work in the war on fraud.
With my sincere commitment to listen and take action,
Alex Garden
Email: Alex dot Garden at Microsoft dot com
General Manager, Xbox LIVE