You might not want to sell or give away your Xbox 360 any time soon. Not without taking a hammer to the hard drive.
Even restoring your console to factory settings wonât remove some of the data it stores, according to an ongoing study from researchers at Drexel University. And with a handful of common tools, hackers and modders can dig into a systemâs hard drive and excavate your credit card number or other personal information.
Speaking to Kotaku in a phone interview today, researcher Ashley Podhradsky said Xbox publisher Microsoft is doing a âdisserviceâ to its customers by not doing a better job of keeping personal data protected.
âMicrosoft does a great job of protecting their proprietary information,â she said. âBut they donât do a great job of protecting the userâs data.â
Podhradsky, along with colleagues Rob DâOvidio and Cindy Casey at Drexel and Pat Engebretson at Dakota State University, bought a refurbished Xbox 360 from a Microsoft-authorized retailer last year. They downloaded a basic modding tool and used it to crack open the gaming console, giving them access to its files and folders. After some work, they were able to identify and extract the original ownerâs credit card information.
We reached out to Microsoft for comment on this issue, but as of press time, they have not yet responded.
Update: Microsoft has said it is investigating this issue
Podhradsky isnât even a gamer, she says. For seasoned modders and hackers, the process might be even easier.
âA lot of them already know how to do all this,â she said. âAnyone can freely download a lot of this software, essentially pick up a discarded game console, and have someoneâs identity.â
So what should you do if you want to get rid of your Xbox 360 but you donât want your personal information compromised? Podhradsky recommends detaching your 360âs hard drive, hooking it up to your computer, and using a sanitization program like Darikâs Boot & Nuke to wipe everything out. Just reformatting the system isnât enough.
âI think Microsoft has a longstanding pattern of this,â Podhradsky said. âWhen you go and reformat your computer, like a Windows system, it tells you that all of your data will be erased. In actuality thatâs not accurateâthe data is still available⊠so when Microsoft tells you that youâre resetting something, itâs not accurate.
âThereâs a lot more that needs to be done.â
